LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix recipient restrictions.... (http://www.linuxquestions.org/questions/linux-server-73/postfix-recipient-restrictions-849485/)

aaron.anderson 12-10-2010 08:49 AM

Postfix recipient restrictions....
 
I'm working on setting up some postfix servers on my network.

Their function is simple I believe.

I have 2 internal domains (domain1.com and domain2.com) that are identified in my transport file and look something like this:

Code:

#/etc/postfix/transport
domain1.com    smtp:[exchFE.fqdn.lan]:25
domain2.com    smtp:[exchFE.fqdn.lan]:25

Any mail that is not addressed to one of those domain names, should be delivered to the relayhost as defined in the main.cf file.

Code:

#/etc/postfix/main.cf
relayhost = 172.16.x.x
~~~ SNIP ~~~


I need to put some restrictions in place.

I need to be able to define a list of IP addresses that can send to the 2 internal domains, and a seperate list of IP addresses that can use the relayhost.

How would you go about this?


- The background: This is a large multi subnet LAN. We have dozens of servers on our production network that need to send emails to various employees (on an Exchange server) with logs from jobs, information, whatever.

Some of the scripts and jobs need to email vendors and external domains. The relay host is in a DMZ and it is another SMTP server that our webservers use to relay mail. That smtp server relays to an external third party who scrubs scans and sends.

Noway2 12-11-2010 05:46 AM

Off hand, I am not sure how to filter based upon IP address. It may be possible, though. there are a TON of configurations you can set in Postfix and I would suggest that you look into the smtpd_sender restrictions here. There is also an address restrictions section, here, that may be of interest. These pages also show a lot of sample scenario configurations and perhaps one of them will closely match your needs.

Reuti 12-11-2010 02:53 PM

The access (man 5 access)table is IP based, and you can possibly use the FILTER transport:destination rule to make such decisions.


All times are GMT -5. The time now is 03:31 AM.