Yes exactly, provided that the server is authoriative for that domain, eg is listed as MX, listed in mydestinations and can receive mail from the internet.
Note that you still need to remove permit_authenticated from your restrictions list, else leaked username/password from the production server can be misused. -----Ursprungligt meddelande----- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För Mark Holmes Skickat: den 18 oktober 2016 21:54 Till: 'Sebastian Nielsen' <sebast...@sebbe.eu>; postfix-users@postfix.org Ämne: RE: Restriction question Great, thanks - so, just to confirm - with that config, dev and test will still be able to email our 'internal' domain eg eu.biworldwide.com, but nothing else? -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Sebastian Nielsen Sent: 18 October 2016 20:51 To: postfix-users@postfix.org Subject: SV: Restriction question Set mynetworks to only contain the IPs or networks of the production server. You can use /32 to list single IPs. Like: mynetworks = 123.123.123.123/32, 222.222.222.222/32 etc Thus, the server will automatically only permit mail to mydestination (eg, the domain that the server is authorative for) since the dev and test server will then look like "external" users. Note that you will have to remove "permit_authenticated" from your relay restrictions. -----Ursprungligt meddelande----- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För Mark Holmes Skickat: den 18 oktober 2016 21:46 Till: 'postfix-users@postfix.org' <postfix-users@postfix.org> Ämne: Restriction question Hi list, I'd like to configure Postfix such that I can prevent certain IP's/networks from sending email to 'external' recipients. I'm basically trying to set it so that our dev and test web application servers can't email any domains other than our own - so developers can test email functionality without the risk of sending email out to 'real' addresses by mistake. So I need something that says 'if the server is from this IP/network then only allow mail to mydomain.net'. Or more likely, something which says 'these internal networks can only send to internal recipients, with the exception of these IP's which can also send to external recipients' I've done some Googling but can't quite figure the best way to achieve this. Grateful for any pointers! Many thanks, Mark This e-mail message is being sent solely for use by the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by phone or reply by e-mail, delete the original message and destroy all copies. Thank you. This e-mail message is being sent solely for use by the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by phone or reply by e-mail, delete the original message and destroy all copies. Thank you.
smime.p7s
Description: S/MIME Cryptographic Signature
