Ok I was able to get half my objective done by using smtpd_restriction_classes following this postfix.org/RESTRICTION_CLASS_README.html#external . What I did was put that restriction AFTER permit_mynetworks but before permit_sasl_authenticated, which means I, the admin, can send out anywhere. Its really a restriction for everyone else which fall under permit_sasl_authenticated. now i would like to block the outside domains from sending them emails. only i, the admin, should receive them.
On Fri, Mar 28, 2014 at 10:08 AM, Shawn Zaidermann < cybermassproductioncen...@gmail.com> wrote: > Well I did look that over but I am looking for the opposite. It mentions > it is left as an exercise for the reader to determine a scheme to block > most users access and only allow some (or in my case, just myself, the > admin). Also this only touches on outbound. I also need to restrict inbound > for everybody except myself. I have a feeling that permit_mynetworks should > come first under smtpd_recipient_restrictions. Now Im trying to figure out > whether I need transport maps or classes or how I would set this up. Also I > did group my restrictions separately for each section, meaning client, > sender etc. But I see it is better practice to include them all under > smtpd_recipient_restrictions > > > On Fri, Mar 28, 2014 at 6:50 AM, Noel Jones <njo...@megan.vbhcs.org>wrote: > >> On 3/28/2014 4:06 AM, cybermass wrote: >> > Hi. I need to restrict access to only my internal domain but allow >> those in >> > permit_mynetworks to receive and send to any outside domain such as >> > gmail.com or so. So all users can only email each other in the local >> domain >> > but the admin in mynetworks may access the outside. Should I use the >> > transport maps? So far to restrict access to just the internal domain, I >> > simply reject all for client, sender and recipient, and helo. My >> > restrictions for each look like this: >> > >> > permit_mynetworks, >> > permit_sasl_authenticated, >> > reject >> > >> > for each one. It may seem redundant, but now I need mynetworks to >> access the >> > outside so everything has to change. How do I go about doing it right? >> > >> > Thanks, >> > Shawn >> >> >> Maybe this helps: >> http://www.postfix.org/RESTRICTION_CLASS_README.html#external >> >> >> >> -- Noel Jones >> >> >
