Home | Comics | wishlist | Impressum | Datenschutzerklärung | 54.159.44.54


Postfix smtpd_restriction_classes for Dummies - Part III

OK, yet another example for those of you who still don't get it:

Question:

I want mail from the outside NOT to have a sender address of my own domain and mail from the inside MUST have a sender address of my own domain.

Answer:

In main.cf, use:

smtpd_restriction_classes =
  has_our_domain_as_sender

has_our_domain_as_sender =
  check_sender_access hash:/etc/postfix/our_domain_as_sender
  reject

smtpd_recipient_restrictions =
  check_client_access hash:/etc/postfix/internal_networks
  #
  # If the Client is in the our networks 10.* or 192.168.*.* networks, we
  # return "has_our_domain_as_sender".
  # "has_our_domain_as_sender" is defined as
  # "check_sender_access hash:/etc/postfix/our_domain_as_sender"
  # which will only return OK if the sender is "example.com" or the 
  # empty sender (for bounces!!), otherwise reject.
  # 
  check_sender_access hash:/etc/postfix/not_our_domain_as_sender
  #
  # The client is not in 10.* or 192.168.*.* (otherwise
  # the previous restriction would have matched!).
  # Now we check the sender. If it's example.com NOW, then 
  # somebody from the outside is trying to use a example.com sender
  # Thus: 554 Bloody liar!
  #
  reject_unauth_destination
  # prevent relaying
  ... other spam checks ...
  permit

/etc/postfix/internal_networks:

10               has_our_domain_as_sender
192.168          has_our_domain_as_sender

/etc/postfix/our_domain_as_sender:

example.com       OK
<>               OK

/etc/postfix/not_our_domain_as_sender:

example.com       554 Bloody liar!


© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

This file was last modified 18. Feb 2008 by root