[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Postfix and relaying



"Chris J" <cej [at] nightwolf.org.uk> writes:

> Any postfix hackers on here? :) A quick question...is it possible to
> configure postfix to do selective relaying based on the recipient *address*
> (not domain). Even better if I can restrict it to a sender as well...
>
> eg, There is a user, Bob, and his PC, bobspc. He wants to send an email to
> someone else, alice [at] somewhere-else.com, but isn't authorised to send email
> generally. He is however authorised to send email to alice [at] somewhere-
> else.com. But only alice. He isn't auth'd to email alicesmanager [at] somewhere-
> else.com
>
> So I'd like to be able to configure postifx to do one of:
> a) Allow any person to send email to alice [at] somewhere-else.com ONLY.

I haven't tried it, but it should be something like:

in main.cf change the smtpd_recipient_restrictions to:

smtpd_recipient_restrictions = permit_mynetworks, \
   check_recipient_access hash:/etc/postfix/recipients \
   reject_unauth_destination

then create the file /etc/postfix/recipients with the contents:

alice@somewhere-else.com OK

and run 

postmap /etc/postfix/recipients 



> b) Restrict it so only bob [at] mycompany.com can send email to alice [at] somewhere-
> else.com (sender-based relaying)
> or...

change the contents of /etc/postfix/recipients to:

alice@somewhere-else.com check_sender_access /etc/postfix/senders

with /etc/postfix/senders containing:

bob@mycompany.com OK

and run postmap on senders and recipients.

> c) Restrict it so only bobspc can send email to alice [at] somewhere-else.com
> (relay based on IP/address of sending machine)

same as b) with

bobs.pc.ip.addy OK

in /etc/postfix/senders instead.

And if you're feeling really aggressve:

main.cf:

 smtpd_recipient_restrictions =  permit_mynetworks, \
   check_recipient_access hash:/etc/postfix/recipients \
   reject_unauth_destination

recipients:

alice@somewhere-else.com check_sender_access
 hash:/etc/postfix/send-to-alice

send-to-alice:

bob@mycompany.com check_sender_access hash:/etc/postfix/send-as-bob

send-as-bob:

bobs.pc.ip.addy OK





> (b) or (c) would be preferred, but (a)'s acceptable. I just can't see
> anything that makes this possible. So suggestions on a postcard :)



> I have postfix set up at the moment doing generic relaying for a few machines
> to the general internet, but I'd like to have the possiblity of relaying by
> recipient address as well. I just can't see if its possible or how to do it.

I can't swear this will work, not having tried it, but looks like it
should :)

-- 
Eric E. Moore

Attachment: pgp00015.pgp
Description: PGP signature