
Re: LDAP smtpd_recipient_restrictions

  • mouss
    Message 1 of 7 , Sep 30, 2007
      James Wilson wrote:
      > On 27 Sep 2007, at 11:46, James Wilson wrote:
      >>
      >> Thanks - I now have this working. Turning on +v to smtpd in master.cf
      >> helped no end! As suspected, my query was not correctly matching the
      >> input key.
      >>
      >> I'm now faced with one last issue... Say I have two domains for which
      >> Postfix is authoritative and accepts mail; both of which do not accept
      >> mail from the internet and are on internal relays.
      >>
      >> domain1.sch.uk
      >> domain2.sch.uk
      >>
      >> Is it possible using built in policy restrictions to only allow
      >> senders from domain1.sch.uk to email users from domain1.sch.uk, but
      >> deny from domain2.sch.uk
      >>
      >> Using the smtpd_recipient_restrictions and smtpd_restriction_classes
      >> to check the sender address or recipient address doesn't give the
      >> granularity I require.
      >>
      >> As both domains exist in the access map, check_sender_access and
      >> check_recipient_access will always match.
      >>
      >> /etc/postfix/access:
      >>
      >> domain1.sch.uk OK
      >> domain2.sch.uk OK
      >>
      >> etc
      >
      >
      > Anyone able to assist?


      use 2 maps. nothing requires that you check senders and recipients using
      a single map.
    • James Wilson
      Message 2 of 7 , Oct 1, 2007
        On 1 Oct 2007, at 05:51, mouss wrote:

        > use 2 maps. nothing requires that you check senders and recipients using
        > a single map.

        Hi Mouss,

        Could you please elaborate? Even with multiple maps, won't all
        internal domains be trusted?

        Cheers,

        James
      • mouss
        Message 3 of 7 , Oct 1, 2007
          James Wilson wrote:
          > On 1 Oct 2007, at 05:51, mouss wrote:
          >
          >> use 2 maps. nothing requires that you check senders and recipients using
          >> a single map.
          >
          > Hi Mouss,
          >
          > Could you please elaborate? Even with multiple maps, won't all internal
          > domains be trusted?
          >

          your need is not completely specified (I don't know who can do what
          exactly), but here is the idea.

          smtpd_restriction_classes =
              ...
              only_domain2_senders

          smtpd_recipient_restrictions =
              ...
              check_recipient_access hash:/path/recipient_access

          only_domain2_senders =
              check_sender_access hash:/etc/path/domain2_allowed_senders
              reject

          == recipient_access:
          domain2.example only_domain2_senders


          == domain2_allowed_senders:
          domain2.example OK


          With this, only senders in domain2.example can send to addresses in
          domain2.example.


          of course, users can forge their sender address to get around this. if
          this is a concern, you'll need authentication and
          reject_sender_login_mismatch.
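
An added example, not part of the original thread: the same idea extended to both domains from the question, with the sender-to-login binding that the forgery caveat above calls for. It goes beyond the reply by covering domain1 as well; the file paths, class names, logins and the `.example` domains are placeholders, and a working SASL setup is assumed.

```conf
# /etc/postfix/main.cf (added example; paths, class names and logins are placeholders)
smtpd_restriction_classes =
    only_domain1_senders,
    only_domain2_senders

# Each class permits a sender listed in its own map and rejects everyone else.
only_domain1_senders =
    check_sender_access hash:/etc/postfix/domain1_allowed_senders,
    reject
only_domain2_senders =
    check_sender_access hash:/etc/postfix/domain2_allowed_senders,
    reject

# Tie envelope sender addresses to SASL logins so MAIL FROM cannot simply be forged.
smtpd_sasl_auth_enable = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login

# The per-domain check comes before permit_mynetworks so internal relays are covered too.
smtpd_recipient_restrictions =
    reject_sender_login_mismatch,
    check_recipient_access hash:/etc/postfix/recipient_access,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# /etc/postfix/recipient_access: recipient domain -> restriction class to apply
domain1.example    only_domain1_senders
domain2.example    only_domain2_senders

# /etc/postfix/domain1_allowed_senders
domain1.example    OK

# /etc/postfix/domain2_allowed_senders
domain2.example    OK

# /etc/postfix/sender_login: sender address -> owning login (constructed entries)
alice@domain1.example    alice
bob@domain2.example      bob
```

Each `hash:` file has to be compiled with `postmap` before Postfix can read it. A sender address that is missing from `sender_login` is not bound to any login, so an unauthenticated client can still use it in MAIL FROM.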