postfixÏÞÖÆÌض¨Óû§ÊÕ·¢ÓʼþµÄ¸ß¼¶·ÃÎÊ¿ØÖÆ·½·¨

Hello!

I have the same problem:

1. I need to permit some internal users (not all) to send mail to any
external user (Internet)
2. I need to permite any external user to send mail to some my internal
users (not all)

In fact, the problem is: just "some" of my internal users have permission to
receive mail from and send mail to the Internet.

How can I solve this?

View this article only
ÐÂÎÅȺ×飺mailing.postfix.users
ÈÕÆÚ£º2002-12-04 15:18:04 PST

In the example below, the same list of restricted_users is used for
controlling both who can send and who can receive internet mail. If you
don't require the local_plus feature, just leave that part out.

1. in main.cf:

1. use restriction classes to make restricted_users file more readable.
   smtpd_restriction_classes = local_only, local_plus

local_only =
reject_unauth_destination
permit_mynetworks
reject

local_plus =
check_recipient_access hash:/etc/postfix/local_plus
check_sender_access hash:/etc/postfix/local_plus
reject_unauth_destination
permit_mynetworks
reject

1. this is the default setting, required for this setup.
   smtpd_delay_reject = yes

1. we'll do this in sender restrictions to avoid open relay problems.
   smtpd_sender_restrictions =
   check_sender_access hash:/etc/postfix/restricted_users
   check_recipient_access hash:/etc/postfix/restricted_users

and in /etc/postfix/restricted_users
# /etc/postfix/restricted_users
# this file contains a list of users only allowed to send and receive local
mail
# postmap this file after changes
# local users not listed here have no restrictions
user1@miodemi.com local_only
user2@miodemi.com local_plus

and in /etc/postfix/local_plus:
# /etc/postfix/local_plus
# this file contains allowed destinations and senders
# for users restricted to local_plus
# postmap this file after changes
miproveedor.com OK

Remember to "postmap local_plus" and "postmap restricted_users" after
making changes to them.
Remember to run "postfix reload" after changing main.cf

hzqbbcµÄÏÞÖÆ·½·¨£¨×ª×ÔhzqbbcµÄblog£©

Óм¸¸ö·½·¨£º

1) smtpd_restriction_classes = local_only
ÉèÖÃÒ»¸öÏÞÖÆÀà±ð½Ðlocal_only£¬È»ºó²Î¿¼access(5)µÄ¸ñʽ×öÒ»¸ö·ÃÎÊ¿ØÖÆ£º

local_only = check_recipient_access hash:/etc/postfix/maps/my_rcpt

Îļþmy_rcptÄÚÈÝ£º

163.com RELAY
21cn.com RELAY
hzqbbc.com RELAY

È»ºó£¬ÉèÖãº

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/mysender 

mysenderÄÚÈÝ£º

hzqbbc@local.hzqbbc.com   local_only 

ÕâÑù·²ÊÇMail from:µÄÐÅÖ»ÄÜRCPT TO: µ½163.com, 21cn.com¼° hzqbbc.com Èý¸öµØ·½ÁË¡£ÆäËûµÄ¶¼·¢²»³öÈ¥¡£

°´Õâ¸ö·½·¨£¬»¹¿ÉÒÔÉèÖøü¶àµÄÀà±ð£¬ÀýÈçremote_onlyÒÔ¼°²»ÏÞÖƵÄÕʺŵȡ£µ«ÕâЩ¶¼Ö»¶Ôfrom:ÏÞÖÆ¡£¶øÇÒ²»¹ÜÊÇ·ñSASLºóµÄ¡£ËùÒÔÓÐÒ»¶¨È±ÏÝ¡£²»¹ý£¬ÒѾ­´ïµ½Ä¿µÄÁË¡£

2)ʹÓÃsnapshot°æµÄpolicy²ßÂÔ
¸ù¾Ýij¸öhash±í»òÅäÖÃÎļþ£¬Åж϶ÔÓ¦µÄsenderºÍrecipientÊÇ·ñÆ¥Å䣬ƥÅä¾Í·µ»ØOK»òÕßDUNNO»òÕßRELAYµÈ£¨¿ÉÄÜRELAYÒѾ­¹ýʱ£¬Õâ¸öÊÇpostfix 1.1.xµÄ£©Èç¹û²»Æ¥Åä¾Í·µ»Ø´íÎó´úÂë

°´postfixËù´øµÄsmtpd-policy.plģʽ£¬ÐÞ¸ÄһϾͿÉÒÔʹÓÃÁË¡£Ïêϸ²Î¿¼POLICY_READMEµÈ¡£

ÎÒ×Ô¼ºµÄÀý×Ó£º

1)¶¨ÒåÀàsend2hrall£º
smtpd_restriction_classes = send2hrall
send2hrall =
    check_sender_access mysql:/usr/local/etc/postfix/mysql-send2hrall.cf,reject
ÅäÖÃÎļþ send2hrall.cfÄÚÈÝÈçÏ£º
hosts = localhost
user = mailuser
password = mailpasswd
dbname = maildatabase
query = select access from mysql-send2hrall where source = '%s'