From: "Davy Leon" on
Hi folks.


I'm using postfix-2.3.3 in a linux box with about 90 mail accounts. Everything is ok.



But, now, I need to establish 2 user levels and the following requirements on levels:



1. All users in Level 1 can receive emails from only one top level external email domain

(for example *.org).



2. All users in Level 1 can send emails to only one top level external email domain

(for example *.org).



3. All users in Level 2 can send email to any email domain and receive mail from

any email domain.



4. All users, of course, can send and receive local emails



After many, many, many headaches, the until-now result is that I can't fulfill number 1

requirement, no matter what I do. Requirements 2, 3 and 4, finally, has been accomplished.



Any ideas for requirement number 1?



Thank you all, in advance.



David


From: Brian Evans - Postfix List on
On 5/28/2010 1:01 PM, Davy Leon wrote:
> Hi folks.
>
> I'm using postfix-2.3.3 in a linux box with about 90 mail accounts.
> Everything is ok.
>
> But, now, I need to establish 2 user levels and the following
> requirements on levels:
>
> 1. All users in Level 1 can receive emails from only one top level
> external email domain
>
> (for example *.org).
>
> 2. All users in Level 1 can send emails to only one top level external
> email domain
>
> (for example *.org).
>
> 3. All users in Level 2 can send email to any email domain and receive
> mail from
>
> any email domain.
>
> 4. All users, of course, can send and receive local emails
>
> After many, many, many headaches, the until-now result is that I can�t
> fulfill number 1
>
> requirement, no matter what I do. Requirements 2, 3 and 4, finally,
> has been accomplished.
>
> Any ideas for requirement number 1?
>

Here is an example:

smtpd_restriction_classes = level1_recipients
level1_recipients = check_sender_access pcre:/path/to/pcre_file

In smtpd_recipient_restrictions:

check_recipient_access hash:/path/to/file

In /path/to/file:

# This is an example of a map of all level 1 recipients. You may use
*sql or any valid map type.
user1(a)class1.example.com level1_recipients
user2(a)class1.example.com level1_recipients
....

In /path/to/prce_file:

# Replace DUNNO with OK if you do not want remaining checks in
smtpd_recipient_restrictions to fire
# You may also customize the reject message if you wish
/.*\.org$/ DUNNO
/.*/ REJECT This recipient does not accept email from you


Notes: this fires on the envelope sender and receiver and not the To:
header.
There are simple ways to bypass these checks because the envelope sender
is easily forged.
If prce is not installed (use 'postconf -m' to check), you may use
regexp instead as a map type.

Brian