Postfix smtpd_restriction_classes for Dummies - Part II

OK, another example for those of you who still don't get it:

Question:

I have a customer who wants a setup where all his users can send mail to each other internally, all users will be able to receive email from the outside but only some of the users will be able to send mail outside.

Answer:

In main.cf, use:


mynetworks = 127.0.0.0/8

smtpd_restriction_classes =
   may_use_external_mail,
   only_internal_mail
      
smtpd_recipient_restrictions =
   permit_mynetworks
   reject_unauth_destination
   check_client_access hash:/etc/postfix/policy_by_machines
   # Alternative:
   # check_sender_access hash:/etc/postfix/policy_by_senders
   ... your favourite anti spam stuff here ...
   permit

may_use_external_mail =
   permit
   # allow ANY mail
  
only_internal_mail =
   check_recipient_access hash:/etc/postfix/allowed_recipients
   # allow internal mail
   reject

in /etc/postfix/policy_by_machines:

workstation1.internal.domain       may_use_external_mail
workstation2.internal.domain       only_internal_mail

or for the alternative, use in /etc/postfix/policy_by_senders:

user1@your.domain                  may_use_external_mail
user2@your.domain                  only_internal_mail

in /etc/postfix/allowed_recipients:

your.domain                        OK

© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

This file was last modified 17. Jan 2007 by root