From: Justin Zygmont (no email)
Date: Fri Dec 02 2005 - 21:24:42 EST
On Thu, 1 Dec 2005, Harvey Smith wrote:
> On Wed, Jan 11, 2006 at 01:31:54AM -0500, Justin Zygmont wrote:
>> Hi, I am trying to set up postfix so that users can only send local email
>> by default, and only certain users can send mail outbound. From the
>> restriction class readme, it teases me saying it is left as an
>> exercise:) I have tried to figure out how to do this without much luck,
>> does anyone know how it is supposed to be done?
>>
>>
>> thanks...
>>
>> -------------------------------------------------------------------
>> It is left as an exercise for the reader to change this into a scheme
>> where only some users have permission to send mail to off-site
>> destinations, and where most users are restricted.
>>
>>
>> /etc/postfix/main.cf:
>>     smtpd_recipient_restrictions =
>>         check_sender_access hash:/etc/postfix/restricted_senders
>>         ...other stuff...
>>
>>     smtpd_restriction_classes = local_only
>>     local_only =
>>         check_recipient_access hash:/etc/postfix/local_domains, reject
>>
>> /etc/postfix/restricted_senders:
>>     foo at domain      local_only
>>     bar at domain      local_only
>>
>> /etc/postfix/local_domains:
>>     this.domain        OK      matches this.domain and subdomains
>>     that.domain        OK      matches that.domain and subdomains
>
> Well, unless I'm missing something the thing that is confusing about
> this is the "left as an exercise for the reader to change this into a
> scheme where only some users have permission" line, as it appears this
> scheme doesn't need any changes. Merely NOT putting your unrestricted
> users in the /etc/postfix/restricted_senders file will allow them to
> send as normal.
>
> Though as an alternative, if you had many/most users as local_only and
> only a small number that are unrestricted it might be easier to
> maintain the list by unrestricted users instead of listing all the
> restricted ones. For example in /etc/postfix/restricted_senders have:
yes, that is exactly what I want to do
> OK
> domain.tld local_only
>
> Though for clarity you might want to change the file name to
> unrestricted_senders.
doesn't seem to work, nothing will send that way. Did you try it like
this before?
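
The inverted scheme discussed in this thread (one sender listed as OK, the whole domain mapped to local_only), traced through a simplified Python model of the access(5) lookup order. This is an added example, not code from the thread or from Postfix; the address boss@domain.tld and the function names are constructed, and parent-domain matching for access maps is assumed to be enabled.

```python
# Simplified model of Postfix access(5) lookups for the inverted scheme.
# Not Postfix code; table contents marked "constructed" are sample values.

SENDER_ACCESS = {               # plays the role of restricted_senders
    "boss@domain.tld": "OK",    # constructed unrestricted sender
    "domain.tld": "local_only", # everyone else in the domain
}
LOCAL_DOMAINS = {"this.domain": "OK", "that.domain": "OK"}


def lookup_address(table, address):
    """Try user@domain, then the domain and its parents, then user@."""
    user, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{user}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{user}@")
    for key in keys:
        if key in table:
            return table[key]  # first match wins
    return None


def local_only(recipient):
    """Model of: check_recipient_access local_domains, reject"""
    if lookup_address(LOCAL_DOMAINS, recipient) == "OK":
        return "permit"
    return "reject"


def decide(sender, recipient):
    """Model of check_sender_access as the first recipient restriction."""
    action = lookup_address(SENDER_ACCESS, sender)
    if action == "OK":
        return "permit"
    if action == "local_only":
        return local_only(recipient)
    return "dunno"  # no match: the '...other stuff...' rules decide


if __name__ == "__main__":
    for s, r in [("boss@domain.tld", "x@remote.example"),
                 ("joe@domain.tld", "x@remote.example"),
                 ("joe@domain.tld", "ann@this.domain")]:
        print(f"{s} -> {r}: {decide(s, r)}")
```

The lookup key is the envelope sender, which the client supplies, so this expresses policy and does not authenticate the user.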