My postfix server is up and running great but I want to be able to restrict what senders can send to external recipients based on what VLAN the user is connecting from.
I already found the documentation to restrict users based on the senders address
http://www.postfix.org/RESTRICTION_C....html#external and I tried putting in a network rather than a sender in the restricted senders file (eg 192.168.0.0/24) but it appears to restrict internal and external email with that. Here is my main.cf file, local_domains, and restricted_senders.
Can someone tell me if this is even possible to restrict based on VLAN instead of based on senders address.
Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = postfix-test.example.com
myorigin = example.com
inet_interfaces = all
mydestination =
local_transport = error:Local delivery is unavailable
unknown_local_recipient_reject_code = 550
mynetworks = $config_directory/mynetworks
relay_domains = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/restricted_senders
permit_mynetworks
reject
smtpd_restriction_classes = local_only
local_only =
check_recipient_access hash:/etc/postfix/local_domains
reject
smtpd_peername_lookup = no
message_size_limit = 26214400
smtpd_delay_reject = yes
restricted_senders file
Code:
10.200.0.0/18 local_only
local_domains
I also have a mynetworks file (you can see it referenced in the main.cf) which contains all the VLANS that are allowed to send through the postfix server including the one restricted network (10.200.0.0/18). I then compiled the db files with postmap restricted_senders and postmap local_domains.
Does postfix have the ability to restrict based on network rather than sender email?