From: KENNEDY VAN DAM Eric (no email)
Date: Thu Mar 01 2007 - 07:49:12 EST
> -----Original Message-----
> From: KENNEDY VAN DAM Eric
> Sent: Thursday, March 1, 2007 11:34
> To: postfix
> Subject: RE: smtpd_restriction_classes Question
>
>
> > -----Original Message-----
> > From: Jan P. Kessler [mailto:]
> > Sent: Thursday, March 1, 2007 10:01
> > To: KENNEDY VAN DAM Eric
> > Cc: postfix
> > Subject: Re: smtpd_restriction_classes Question
> >
> > > I've bought the O'Reilly book about Postfix and I see that I can create
> > > my own restriction classes.
> > > My question is the following: can I use this to choose which computers
> > > are allowed to use my relay server to send mail to Internet and which
> > > are not?
> >
> > You can BUT you don't need that nuclear rocket to kill some sparrows ;)
> > Just set your mynetworks correctly:
> >
> > mynetworks = 192.168.1.0/24, !192.168.1.2, !192.168.1.3
> > smtpd_recipient_restrictions = permit_mynetworks
> >     reject_unauth_destination
> >
> > This allows relaying to 192.168.1/24 but not for .2 and .3. If the list
> > grows you can put that information into files (I'd suggest "cidr" type
> > dbs).
> >
> > note: you might want to add some other fancy restrictions.
>
> Sure but it is not so simple.
> My mail relay is already configured to only allow some
> servers to relay but... All of them can relay to the main
> mail server and only some of them can relay to the outside
> (using the external mail relay).

Ok... I'll try to be more explicit :)

Server1 _
Server2 _\                         _______ Internal-Mail-server
Server3 __\______ Internal-relay _/
Server4 __/                       \_______ External-Relay
Server5 _/

All the servers MUST use Internal-relay.
Let's say Server1 and Server4 are the only servers who are allowed to relay to Internal-Mail-server AND to Internet via External-Relay. The others can only send internal mail to @my.maildomain, @my.other.domain, @that.domain via Internal-Mail-server.
Can this work?

In main.cf:
-----------
smtpd_restriction_classes = insiders,outsiders
insiders = check_recipient_access map:/etc/postfix/mail-domains, reject_unauth_destination
outsiders = permit_mynetworks
smtpd_recipient_restrictions = check_client_access map:/etc/postfix/insiders-outsiders

In /etc/postfix/insiders-outsiders:
-----------------------------------
Server1 outsiders
Server2 insiders
Server3 insiders
Server4 outsiders
Server5 insiders

In /etc/postfix/mail-domains:
-----------------------------
@my.maildomain ACCEPT
@my.other.domain ACCEPT
@that.domain ACCEPT

If it won't work, what can you suggest? Maybe something easier?
Thanks anyway
--
Kennedy van Dam Eric
Unix/Storage Team
Phone: +32 (0)2 529 3375
Mail:
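
A working form of the layout proposed above, added here as an example (it is not from the original thread). It uses Postfix's real access-table syntax: a concrete table type (hash: is assumed), OK as the permit action, bare domain names as recipient keys and client IP addresses as client keys; the 192.0.2.x addresses are constructed placeholders for Server1 to Server5.

```conf
# ---- /etc/postfix/main.cf on Internal-relay (added example) ----
# Class names are the poster's; hash: is an assumed table type.
smtpd_restriction_classes = insiders, outsiders

# insiders: accept only recipients in the internal domains, reject the rest.
insiders = check_recipient_access hash:/etc/postfix/mail-domains, reject

# outsiders: may relay to any destination.
outsiders = permit

# Map each client to its class. A client that is not listed falls through
# to the final reject, so the relay stays closed by default.
# Postfix 2.10 and later also evaluate smtpd_relay_restrictions, so the
# listed servers must pass that list too (for example via mynetworks).
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/insiders-outsiders,
    reject

# ---- /etc/postfix/insiders-outsiders ----
# Rebuild after every change: postmap /etc/postfix/insiders-outsiders
# Keys are client IP addresses (constructed placeholders).
# Server1 and Server4: internal and Internet mail
192.0.2.1    outsiders
192.0.2.4    outsiders
# Server2, Server3 and Server5: internal domains only
192.0.2.2    insiders
192.0.2.3    insiders
192.0.2.5    insiders

# ---- /etc/postfix/mail-domains ----
# Rebuild after every change: postmap /etc/postfix/mail-domains
# Keys are bare domain names; OK is the access(5) permit action.
my.maildomain      OK
my.other.domain    OK
that.domain        OK
```

IP addresses are used as client keys because a hostname key only matches when the client's reverse DNS lookup yields that exact verified name.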