From: mouss (no email)
Date: Sun Feb 15 2009 - 09:20:55 EST
Rocco Scappatura a écrit :
> I need to setup a mail server for outgoing email only. I clearly would
> like to restrict access to my networks only.
> Moreover, I would like to permit only to some envelope senders to relay
> email trhough a such MTA. And no other envelope sender should be able to
> relay trhough this MTA.
> So the restriction classes are made so:
> smtpd_client_restrictions =
> proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf <-- this
> let me disable some content checking through filter (Amavisd-new). No
> smtpd_helo_restrictions =
> smtpd_sender_restrictions =
> smtpd_recipient_restrictions =
If I understand you, you want something like:
- if IP is in a list of allowed IPs, _and_ if sender is in a list of
allowed sender, permit
- anything else is rejected
what you did above is
- if IP .... _OR_ ...
which is not the same thing. (I am assuming your maps return OK).
This is also safer (if check_sender_access accidentally returns an OK,
you don't become an open relay).
> Please note that I use "check_client_access" restriction together with:
> mynetworks = /etc/postfix/relay
> to limit access to SMTP relay server per IP.
I don't understand this part. I see no permit_mynetworks in the snippet
> This configuration doesn't work. What is conceptually wrong in my
> Finally I would like to deny message delivery to my mail server.. It
> should suffice to unset "relay_domains" or it is too restrictive doing
to disable "local" delivery, check the FIREWALL README.
In addition, if you don't have relay domains, then set