[postfix-users] mehrere restriction classes in einem Lookup?

Uwe Driessen driessen at fblan.de
Fr Mai 9 08:57:14 CEST 2008 

Christian Bricart schrieb:
> 
> restriction_classes = greylist, rblcheck

Das heist aber doch smtpd_restriction_classes

smtpd_restriction_classes (default: empty)
User-defined aliases for groups of access restrictions. The aliases can be specified in
smtpd_recipient_restrictions etc., and on the right-hand side of a Postfix access(5)
table. 

One major application is for implementing per-recipient UCE control. See the
RESTRICTION_CLASS_README document for other examples

>>>>>>>>>>>http://www.postfix.org/RESTRICTION_CLASS_README.html<<<<<<<<<<<<<<<<

> 
> greylist =
>    check_recipient_access = hash:/path/whitelist
>    check_access = hash:/path/whitelist
>    check_policy_service inet:127.0.0.1:4711
> 
> rblcheck =
>   reject_rbl_client ix.dnsbl.manitu.net
>   reject_rbl_client zen.spamhaus.org
> 
> smtpd_recipient_restrictions =
>    ..
>    check_recipient_access hash:/path/restrictions
>    ..
> 
> würde das (vor allem das erste) gehen..? oder irgendwie anders?

Protecting internal email distribution lists
We want to implement an internal email distribution list. Something like
all at our.domain.com, which aliases to all employees. My first thought was to use the
aliases map, but that would lead to "all" being accessible from the "outside", and this is
not desired... :-) 

Postfix can implement per-address access controls. What follows is based on the SMTP
client IP address, and therefore is subject to IP spoofing. 

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/access
        ...the usual stuff...

/etc/postfix/access:
    all at my.domain   permit_mynetworks,reject
    all at my.hostname permit_mynetworks,reject
Specify dbm instead of hash if your system uses dbm files instead of db files. To find out
what map types Postfix supports, use the command postconf -m. 

> 
> # /path/restrictions:
> example.net     greylist, rblcheck
> example.com     greylist
> example.de      rblcheck
>


Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: +49 06708 / 660045   Fax: +49 06708 / 661397