DevHeads.net

check rcpt to, from and destination in one session - nested smtpd_restriction_classes?

Hi,

Postfix is configured as a relay server. Other systems relay with Postfix.
Here I want to allow, for a specific group of hosts, when they use a
specific mail from address, only a few specific destination domains. Other
hosts should not be bothered. This is only a need to limit a group of hosts
to not accidentally send out mails to other domains.

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/benachrichtigung
smtpd_restriction_classes = benachrichtigung
benachrichtigung = check_recipient_access hash:/etc/postfix/erlaubt, reject

/etc/postfix/benachrichtigung
... at cubewerk dot de benachrichtigung

/etc/postfix/erlaubt
microsoft.com OK
aol.com OK
yahoo.com OK

That works and only allows mails with mail from:
... at cubewerk dot de to the above domains. How can I additionally say -
and only limit sending of mails to these 3 domains, if the SMTP connection is
from 3 local IPs? (10.8.1.1-3) ?

I can not think of a way to achieve this.

thank you.

Stefan

Comments

RE: check rcpt to, from and destination in one session - nested

By Fazzina, Angelo at 05/15/2018 - 11:45

Hi, sounds like you want

If from ( ... at cubewerk dot de) and from (10.8.1.1-3)
Then allow
Else REJECT

Sounds like you would need a regex expression to catch two conditions and then act on it.

Not sure postfix can store result of first check and not act on it and make the second check and then act on the email ?
My guess is no…..?

Maybe someone more savvy knows how to do this.
Good Luck.

-ANGELO FAZZINA

ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

... at uconn dot edu
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
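
Added example, not from either poster: one way to express the three conditions asked about above (client IP, then MAIL FROM, then recipient domain) is to chain restriction classes through access-table results. The class name from_notify_hosts, the file /etc/postfix/notify_clients and the address sender@example.invalid are placeholders introduced here; the sketch assumes smtpd_delay_reject is left at its default of yes, so the recipient is already known when the sender restrictions run.

```conf
# ---- /etc/postfix/main.cf ----
# Both class names must be declared before they can be returned by a table.
smtpd_restriction_classes = from_notify_hosts, benachrichtigung

# Step 1: every client is looked up by IP; only the listed hosts
# are handed to the first class. No match = DUNNO = not affected.
smtpd_sender_restrictions =
    check_client_access cidr:/etc/postfix/notify_clients

# Step 2: for those hosts only, look at the envelope sender.
# A sender that is not listed falls through untouched.
from_notify_hosts =
    check_sender_access hash:/etc/postfix/benachrichtigung

# Step 3: for that host + sender combination, permit the listed
# recipient domains and reject everything else.
benachrichtigung =
    check_recipient_access hash:/etc/postfix/erlaubt, reject

# ---- /etc/postfix/notify_clients (cidr table, no postmap needed) ----
10.8.1.1/32    from_notify_hosts
10.8.1.2/32    from_notify_hosts
10.8.1.3/32    from_notify_hosts

# ---- /etc/postfix/benachrichtigung (run postmap after editing) ----
# placeholder for the elided sender address in the thread
sender@example.invalid    benachrichtigung

# ---- /etc/postfix/erlaubt (run postmap after editing) ----
microsoft.com    OK
aol.com          OK
yahoo.com        OK
```

The OK returned from erlaubt only ends evaluation of smtpd_sender_restrictions; relay and recipient restrictions configured elsewhere in main.cf still apply to the message.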
