"Chris J" <cej [at] nightwolf.org.uk> writes: > Any postfix hackers on here? :) A quick question...is it possible to > configure postfix to do selective relaying based on the recipient *address* > (not domain). Even better if I can restrict it to a sender as well... > > eg, There is a user, Bob, and his PC, bobspc. He wants to send an email to > someone else, alice [at] somewhere-else.com, but isn't authorised to send email > generally. He is however authorised to send email to alice [at] somewhere- > else.com. But only alice. He isn't auth'd to email alicesmanager [at] somewhere- > else.com > > So I'd like to be able to configure postifx to do one of: > a) Allow any person to send email to alice [at] somewhere-else.com ONLY. I haven't tried it, but it should be something like: in main.cf change the smtpd_recipient_restrictions to: smtpd_recipient_restrictions = permit_mynetworks, \ check_recipient_access hash:/etc/postfix/recipients \ reject_unauth_destination then create the file /etc/postfix/recipients with the contents: alice@somewhere-else.com OK and run postmap /etc/postfix/recipients > b) Restrict it so only bob [at] mycompany.com can send email to alice [at] somewhere- > else.com (sender-based relaying) > or... change the contents of /etc/postfix/recipients to: alice@somewhere-else.com check_sender_access /etc/postfix/senders with /etc/postfix/senders containing: bob@mycompany.com OK and run postmap on senders and recipients. > c) Restrict it so only bobspc can send email to alice [at] somewhere-else.com > (relay based on IP/address of sending machine) same as b) with bobs.pc.ip.addy OK in /etc/postfix/senders instead. And if you're feeling really aggressve: main.cf: smtpd_recipient_restrictions = permit_mynetworks, \ check_recipient_access hash:/etc/postfix/recipients \ reject_unauth_destination recipients: alice@somewhere-else.com check_sender_access hash:/etc/postfix/send-to-alice send-to-alice: bob@mycompany.com check_sender_access hash:/etc/postfix/send-as-bob send-as-bob: bobs.pc.ip.addy OK > (b) or (c) would be preferred, but (a)'s acceptable. I just can't see > anything that makes this possible. So suggestions on a postcard :) > I have postfix set up at the moment doing generic relaying for a few machines > to the general internet, but I'd like to have the possiblity of relaying by > recipient address as well. I just can't see if its possible or how to do it. I can't swear this will work, not having tried it, but looks like it should :) -- Eric E. Moore
Attachment:
pgp00015.pgp
Description: PGP signature