From: mouss (no email)
Date: Thu Mar 01 2007 - 17:24:17 EST
KENNEDY VAN DAM Eric wrote:
>
>
>> -----Original Message-----
>> From: KENNEDY VAN DAM Eric
>> Sent: Thursday, March 1, 2007 11:34
>> To: postfix
>> Subject: RE: smtpd_restriction_classes Question
>>
>>
>>
>>> -----Original Message-----
>>> From: Jan P. Kessler [mailto:]
>>> Sent: Thursday, March 1, 2007 10:01
>>> To: KENNEDY VAN DAM Eric
>>> Cc: postfix
>>> Subject: Re: smtpd_restriction_classes Question
>>>
>>>
>>>> I've bought the O'Reilly book about Postfix and I see that I can create
>>>> my own restriction classes.
>>>> My question is the following: can I use this to choose which computers
>>>> are allowed to use my relay server to send mail to Internet and which
>>>> are not?
>>>>
>>> You can BUT you don't need that nuclear rocket to kill some
>>> sparrows ;)
>>> Just set your mynetworks correctly:
>>>
>>> # exclusions go first: the list is matched left to right, first match wins
>>> mynetworks = !192.168.1.2, !192.168.1.3, 192.168.1.0/24
>>> smtpd_recipient_restrictions = permit_mynetworks
>>>     reject_unauth_destination
>>>
>>> This allows relaying to 192.168.1/24 but not for .2 and .3.
>>> If the list grows you can put that information into files (I'd suggest
>>> "cidr" type dbs).
>>>
>>> Note: you might want to add some other fancy restrictions.
>>>
>> Sure but it is not so simple.
>> My mail relay is already configured to only allow some
>> servers to relay but... All of them can relay to the main
>> mail server and only some of them can relay to the outside
>> (using the external mail relay).
>>
>
> Ok... I'll try to be more explicit :)
>
>
> Server1 _
> Server2 _\                         _______ Internal-Mail-server
> Server3 __\______ Internal-relay _/
> Server4 __/                       \_______ External-Relay
> Server5 _/
>
> All the servers MUST use Internal-relay
> Let's say Server1 and Server4 are the only servers who are allowed to relay to Internal-Mail-server AND to Internet via External-Relay. The others can only send internal mail to @my.maildomain, @my.other.domain, @that.domain via Internal-Mail-server
>
> Can this work?
> In main.cf:
> -----------
>
> smtpd_restriction_classes = insiders, outsiders
> insiders = check_recipient_access map:/etc/postfix/mail-domains, reject_unauth_destination
>
remove reject_unauth_destination from here.
> outsiders = permit_mynetworks
> smtpd_recipient_restrictions = check_client_access map:/etc/postfix/insiders-outsiders
>
add reject_unauth_destination here.
Hint1: what would postfix do for clients that are not listed in your
insiders-outsiders?
Hint2: postfix doesn't accept (even if only apparently) open
smtpd_recipient_restrictions
> In /etc/postfix/insiders-outsiders:
> -----------------------------------
> Server1 outsiders
> Server2 insiders
> Server3 insiders
> Server4 outsiders
> Server5 insiders
>
> In /etc/postfix/mail-domains:
> -----------------------------
> @my.maildomain ACCEPT
> @my.other.domain ACCEPT
> @that.domain ACCEPT
>
remove the '@'. reread the access man page for the format of entries.
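
The two hints and the corrections in this reply, worked through as an added example (not part of the original message and not Postfix code): a toy Python model of first-match restriction evaluation, run against the posted and the corrected class layout. The IP addresses, the RELAY_DOMAINS set (the internal domains, assumed to be authorized destinations on the relay) and the use of OK as the accept action are assumptions; Postfix itself refuses to run the posted list, as Hint2 says, and the model evaluates it only to show why.

```python
# Toy model of Postfix restriction evaluation: the first decisive result wins,
# DUNNO falls through. Addresses, networks and tables are constructed samples.
import ipaddress

MYNETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
RELAY_DOMAINS = {"my.maildomain", "my.other.domain", "that.domain"}  # assumed
CLIENTS = {"192.168.1.1": "outsiders", "192.168.1.2": "insiders"}    # Server1, Server2
MAIL_DOMAINS = {d: "OK" for d in RELAY_DOMAINS}            # entries without '@'
MAIL_DOMAINS_AT = {"@" + d: "OK" for d in RELAY_DOMAINS}   # entries as posted

# Each config: (smtpd_recipient_restrictions, restriction classes)
POSTED = (["check_client_access"],
          {"insiders": ["check_recipient_access", "reject_unauth_destination"],
           "outsiders": ["permit_mynetworks"]})
CORRECTED = (["check_client_access", "reject_unauth_destination"],
             {"insiders": ["check_recipient_access"],
              "outsiders": ["permit_mynetworks"]})

def recipient_lookup(table, rcpt):
    """access(5) address lookup, simplified: user@domain, domain, user@."""
    user, domain = rcpt.rsplit("@", 1)
    return next((table[k] for k in (rcpt, domain, user + "@") if k in table), "DUNNO")

def evaluate(restrictions, classes, client, rcpt, table):
    for name in restrictions:
        if name == "permit_mynetworks":
            inside = any(ipaddress.ip_address(client) in net for net in MYNETWORKS)
            result = "OK" if inside else "DUNNO"
        elif name == "reject_unauth_destination":
            result = "DUNNO" if rcpt.rsplit("@", 1)[1] in RELAY_DOMAINS else "REJECT"
        elif name == "check_recipient_access":
            result = recipient_lookup(table, rcpt)
        elif name == "check_client_access":
            cls = CLIENTS.get(client)  # unlisted client: no class, no decision
            result = evaluate(classes[cls], classes, client, rcpt, table) if cls else "DUNNO"
        else:
            raise ValueError(name)
        if result != "DUNNO":
            return result
    return "DUNNO"

def decide(config, client, rcpt, table=MAIL_DOMAINS):
    restrictions, classes = config
    # Reaching the end of the list undecided means the recipient is accepted.
    result = evaluate(restrictions, classes, client, rcpt, table)
    return "reject" if result == "REJECT" else "permit"
```

In the model, an unlisted client gets no decision from check_client_access, so the posted list accepts its mail to any destination, while the corrected list stops it at reject_unauth_destination. The '@'-prefixed keys never match because the lookup tries the bare domain, not '@domain'.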