On 2021-01-06 Burn Zero wrote:
> I need to restrict outbound email to the internet by client IP. i.e.
> if an IP is in a blocked list, it should only be allowed to be sent to
> local domains.  Is this possible? Please advise.
>
> I read http://www.postfix.org/RESTRICTION_CLASS_README.html but it is
> only using the usernames and not the IP address.

Using check_client_access instead of check_sender_access should do what
you want:

----8<----
# /etc/postfix/main.cf
...
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  ...
  check_client_access cidr:/etc/postfix/restricted_clients.cidr
  ...

smtpd_restriction_classes = local_only
local_only =
  check_recipient_access hash:/etc/postfix/local_domains
  reject
...
---->8----

----8<----
# /etc/postfix/restricted_clients.cidr
192.168.23.42   local_only
192.168.17.0/24 local_only
...
---->8----

----8<----
# /etc/postfix/local_domains
foo.example.org OK
bar.example.org OK
...
---->8----

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
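
An added sketch, not part of the original message and not Postfix code, that models how the tables above combine: the cidr table is searched first-match, a `local_only` hit hands the decision to the restriction class, and because restrictions are evaluated in order, a client that also matches `permit_mynetworks` is permitted before `check_client_access` is reached. Assumptions: the `mynetworks` value and the test addresses are constructed, only `permit_mynetworks` and `check_client_access` are modelled, and the recipient lookup uses the exact domain only.

```python
import ipaddress

# Constructed sample data mirroring the tables in the message above.
RESTRICTED_CLIENTS = [  # cidr: table, searched top to bottom, first match wins
    ("192.168.23.42", "local_only"),
    ("192.168.17.0/24", "local_only"),
]
LOCAL_DOMAINS = {"foo.example.org": "OK", "bar.example.org": "OK"}


def cidr_lookup(table, client_ip):
    """Return the action of the first matching pattern, or None (no match)."""
    addr = ipaddress.ip_address(client_ip)
    for pattern, action in table:
        if addr in ipaddress.ip_network(pattern, strict=False):
            return action
    return None


def local_only(recipient):
    """The local_only class: check_recipient_access, then unconditional reject."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    # Simplification (assumption): only the exact-domain key is looked up.
    if LOCAL_DOMAINS.get(domain) == "OK":
        return "permit"
    return "reject"


def evaluate(client_ip, recipient, mynetworks=()):
    """Walk the modelled restrictions in order; the first permit/reject decides."""
    addr = ipaddress.ip_address(client_ip)
    # permit_mynetworks is listed before check_client_access in the posted config.
    if any(addr in ipaddress.ip_network(net) for net in mynetworks):
        return "permit (permit_mynetworks)"
    if cidr_lookup(RESTRICTED_CLIENTS, client_ip) == "local_only":
        return local_only(recipient) + " (local_only)"
    return "dunno"  # no decision from these two; later restrictions apply


if __name__ == "__main__":
    cases = [
        ("192.168.23.42", "alice@foo.example.org", ()),
        ("192.168.17.9", "bob@example.net", ()),
        ("10.0.0.5", "bob@example.net", ()),
        ("192.168.17.9", "bob@example.net", ("192.168.0.0/16",)),
    ]
    for ip, rcpt, nets in cases:
        print(ip, rcpt, list(nets), "->", evaluate(ip, rcpt, nets))
```
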
