I'm working on setting up some postfix servers on my network.

Their function is simple I believe.

I have 2 internal domains (domain1.com and domain2.com) that are identified in my transport file and look something like this:

Any mail that is not addressed to one of those domain names, should be delivered to the relayhost as defined in the main.cf file.


I need to put some restrictions in place.

I need to be able to define a list of IP addresses that can send to the 2 internal domains, and a seperate list of IP addresses that can use the relayhost.

How would you go about this?


- The background: This is a large multi subnet LAN. We have dozens of servers on our production network that need to send emails to various employees (on an Exchange server) with logs from jobs, information, whatever.

Some of the scripts and jobs need to email vendors and external domains. The relay host is in a DMZ and it is another SMTP server that our webservers use to relay mail. That smtp server relays to an external third party who scrubs scans and sends.

Off hand, I am not sure how to filter based upon IP address. It may be possible, though. there are a TON of configurations you can set in Postfix and I would suggest that you look into the smtpd_sender restrictions here. There is also an address restrictions section, here, that may be of interest. These pages also show a lot of sample scenario configurations and perhaps one of them will closely match your needs.

The access (man 5 access)table is IP based, and you can possibly use the FILTER transport:destination rule to make such decisions.