Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

smtpd_restriction_classes works partially; need some help

Status
Not open for further replies.

pete2012

Technical User
Jan 9, 2013
4
NL
Hi,
I have the following question:
- By default: All hosts should be able to mail to domain1.org, domain2.org, internaldomain.org and subdomains
- If the host(s) may_use_external_mail, they should be able to mail to other external addresses
If a mail doesn't match above requirements, it has to be rejected.

The configuration below works, but I have to list each host in /etc/postfix/policy_by_machines.
And that is not what I want. Can somebody help me ?

Code:
smtpd_restriction_classes = may_use_external_mail, only_internal_mail

may_use_external_mail =
   permit

only_internal_mail =
   check_recipient_access hash:/etc/postfix/allowed_recipients
   reject

smtpd_client_restrictions =
   check_client_access hash:/etc/postfix/policy_by_machines 
   permit

smtpd_recipient_restrictions =
   permit_mynetworks
   reject_unauth_destination
   permit

cat /etc/postfix/allowed_recipients
@domain1.org
@domain2.org

cat /etc/postfix/policy_by_machines 
workstation1.internal.domain       may_use_external_mail
workstation2.internal.domain       only_internal_mail
 
Code:
of course the last line must be:
cat /etc/postfix/allowed_recipients
@domain1.org OK
@domain2.org OK
 
Well I already fixed it. Hope anyone can use it.
Code:
relay_domains = $mydestination, hash:/etc/postfix/relay_domains
smtpd_helo_required = yes
smtpd_restriction_classes = may_use_external_mail
may_use_external_mail = permit
smtpd_client_restrictions =
   check_client_access hash:/etc/postfix/hosts_may_use_external_mail,
   reject_unauth_destination
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_hostname
 
Simpler and finally working:
Code:
relay_domains = $mydestination, hash:/etc/postfix/relay_domains

smtpd_restriction_classes =
   may_use_external_mail

may_use_external_mail =
   permit

smtpd_recipient_restrictions =
   check_client_access hash:/etc/postfix/hosts_may_use_external_mail
   reject_unauth_destination
   permit
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top