After some testing I figured out, one way is to use regexp.
Here are the parts, that I changed and which are different now from the
default SLES config:
Code:
--------------------
main.cf:
mynetworks_style = host
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/access
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
--------------------
It is better style to just use smtpd_recipient_restrictions and collect
all your restrictions there.
> With this config, only smtp connections from localhost are accepted and
> only one sender address: noreply@dom.ain.
> That was my intention :)
To restrict connecting host use check_client_access, that is why your IP
address try failed - the sending IP address is not the “sender”, it is the
client.
But if you only want localhost to connect, you can restrict the listening
interfaces to localhost by inet_interfaces = loopback-only
> It is better style to just use smtpd_recipient_restrictions and collect
> all your restrictions there.
Even it seems very logical to me, to put sender related restrictions to
“smtpd_sender_restrictions” it’s changed for better style:
> But if you only want localhost to connect, you can restrict the listening
> interfaces to localhost by inet_interfaces = loopback-only
IMHO the man page said, that “mynetworks_style = host” will have the
same effect. Like always, there are many ways
> Even it seems very logical to me, to put sender related restrictions to
> “smtpd_sender_restrictions” it’s changed for better style:
OK, but “permit_mynetworks” is what, a recipient_restriction? No, it is
a client_restriction, because it restricts the connecting hosts. But you
put it in “smtpd_recipient_restrictions”, right?
By putting all restrictions in recipient you have full control over
the order in which the restrictions take place, you can have
client_restrictions after sender_restriction, what you can not do by
dividing the restrictions. Do you see, what I mean?
Have a look at ‘Postfix SMTP relay and access control’
(http://www.postfix.org/SMTPD_ACCESS_README.html)
All restrictions but smtpd_recipient_restrictions are optional, even
though all restrictions are only evaluated after RCPT TO anyway:
> Current Postfix versions postpone the evaluation of client, helo and
> sender restriction lists until the RCPT TO or ETRN command.
> IMHO the man page said, that “mynetworks_style = host” will have the
> same effect. Like always, there are many ways :)
No, not really:
> Specify “mynetworks_style = host” when Postfix should “trust” only the
> local machine.
mynetworks and mynetworks_style influence the permit_mynetworks
restriction, not more. Port 25 is still accessible from anywhere else in
the network. Whereas inet_interfaces restricts the opened ports to the
network itself. This is a huge difference.
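
The difference between mynetworks_style and inet_interfaces discussed in this thread, as an added example (not code from any poster or from Postfix): a simplified Python model of how the posted main.cf treats a connection, with and without inet_interfaces = loopback-only. Assumptions: only the three restrictions named in the thread are modelled, "local machine" means loopback addresses only, and the access table contents, the mydestination value and the names smtp_result, POSTED and LOOPBACK_ONLY are constructed for illustration.

```python
import ipaddress
import re

LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def is_local(ip):
    """Assumption: the 'local machine' is modelled as loopback addresses only."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOOPBACK)

def check_sender_access(cfg, client, sender, rcpt):
    # regexp table: the first matching pattern decides; no match means DUNNO
    for pattern, action in cfg["sender_access"]:
        if re.search(pattern, sender):
            return action
    return "DUNNO"

def permit_mynetworks(cfg, client, sender, rcpt):
    # mynetworks_style = host only changes who counts as trusted here
    return "OK" if cfg["mynetworks_style"] == "host" and is_local(client) else "DUNNO"

def reject_unauth_destination(cfg, client, sender, rcpt):
    # rejects relaying only; mail addressed to our own domains passes
    return "DUNNO" if rcpt.rsplit("@", 1)[-1] in cfg["mydestination"] else "REJECT"

RESTRICTIONS = {f.__name__: f for f in
                (check_sender_access, permit_mynetworks, reject_unauth_destination)}

def smtp_result(cfg, client, sender, rcpt):
    """Return 'refused' (listener not reachable), 'reject' or 'accept'."""
    if cfg.get("inet_interfaces", "all") == "loopback-only" and not is_local(client):
        return "refused"
    for list_name in ("smtpd_sender_restrictions", "smtpd_recipient_restrictions"):
        for name in cfg.get(list_name, []):
            verdict = RESTRICTIONS[name](cfg, client, sender, rcpt)
            if verdict == "REJECT":
                return "reject"
            if verdict == "OK":  # OK ends this list only; later lists still run
                break
    return "accept"

# Constructed sample values; the access table is not shown in the thread.
POSTED = {
    "mynetworks_style": "host",
    "mydestination": {"dom.ain"},
    "sender_access": [(r"^noreply@dom\.ain$", "DUNNO"), (r".", "REJECT")],
    "smtpd_sender_restrictions": ["check_sender_access"],
    "smtpd_recipient_restrictions": ["permit_mynetworks", "reject_unauth_destination"],
}
LOOPBACK_ONLY = dict(POSTED, inet_interfaces="loopback-only")
```

With the posted settings a client elsewhere on the network that uses the allowed sender address can still deliver to a local recipient; only the inet_interfaces variant keeps it from connecting at all.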