Results 1 to 2 of 2

Thread: [SOLVED] smtp restriction in postfix

  1. #1
    Join Date
    Jul 2006
    Beans
    29

    [SOLVED] smtp restriction in postfix

    Hi All,

    I need some advice on how I can restrict smtp(postfix). Here is the scenario:
    - currently we have 9 servers + 1 smtp. all servers are inside the firewall.
    1. prod1.test.com
    2. prod2.test.com
    ....
    ....
    ....
    6. prod6.test.com
    7. nagios.test.com
    8. jira.test.com
    9. wiki.test.com
    10. smtp.test.com

    My problem is how can I restrict:
    -  if originator is prodx.test.ph uses smtp server, it can send to any recipient
    -  if non-prodx server, only @sistercompany.com recipient will be sent; ignore none @sistercompany.com

    I tried looking on this solution
    http://www.postfix.org/RESTRICTION_CLASS_README.html , but don't know how to construct my class. I'm also confused on
    smtpd_recipient_restrictions and smtpd_sender_restrictions. Which is best solution will do on this problem?
    cheers,

    janskey

  2. #2
    Join Date
    Aug 2007
    Location
    Chennai
    Beans
    522
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: smtp restriction in postfix

    /opt/zimbra/postfix/conf/sales-senders
    user1@domain.com OK
    user2@domain.com OK

    /opt/zimbra/postfix/conf/accounts-senders
    user3@domain.com OK
    user4@domain.com OK


    /opt/zimbra/postfix/conf/protected_recipients
    accounts-dl@domain.com accounts-senders-list
    sales-dl@bksec.com sales-senders-list

    /opt/zimbra/postfix/conf/update-sec-list
    #!/bin/bash
    echo "rebuild authorised sales-list senders..."
    postmap /opt/zimbra/postfix/conf/sales-senders
    echo "rebuild authorised accounts-list senders..."
    postmap /opt/zimbra/postfix/conf/accounts-list-senders

    echo "REBUILD protected_recipeints..."
    postmap /opt/zimbra/postfix/conf/protected_recipients


    /opt/zimbra/postfix/conf/main.cf
    sales-senders-list = check_sender_access hash:/opt/zimbra/postfix/conf/sales-senders, reject
    accounts-senders-list = check_sender_access hash:/opt/zimbra/postfix/conf/accounts-senders, reject

    smtpd_restriction_classes = sales-senders-list, accounts-list

    /opt/zimbra/conf/postfix_recipient_restrictions.cf
    hash:/opt/zimbra/postfix/conf/protected_recipients


    ************ Auto CC of an account **************

    to get it to work it did the following steps

    In /opt/zimbra/postfix/conf create a file called "sender_bcc" and to it:
    "employee@domain.com monitor@domain.com"

    In /opt/zimbra/postfix/conf/main.conf add
    "sender_bcc_maps = hash:/opt/zimbra/postfix/conf/sender_bcc"

    then run as zimbra user
    "postmap /opt/zimbra/postfix/conf/sender_bcc"

    restart postfix -
    "postfix reload"
    This is something I posted in Zimbra Forums long ago to have granular control over email accounts. You can configure granular level mail-relay access controls. For e.g. you can say only @abc.com can send to @xyz.com or even restrict certain accounts inside @abc.com to relay to @xyz.com.

    Quite confusing in the beginning, but you will get the hang of it.

    Good luck
    Report Ubuntu bugs here: Ubuntu Launchpad.
    Ubuntu Lucid 10.04 32-bit Desktop

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •