>
> * Only restricted hosts on the intranet should be able to dump mail on
> the gateway that should be delivered to the Internet (we use an SMTP
> backbone and we want only the backbone SMTP servers to be able to connect to
> the gateway for sending mail to the internet. Individual users should dump
> their email on the SMTP backbone, not directly on the firewall).
> * On the other hand, on the outside interface of the gateway, I want
> to accept email from the whole Internet for my local (virtual) domains. In
> this case, anti-relaying should be in effect to prevent us from being used
> as a relay.
>
What I could imagine is one of 2 solutions.

1. is running 2 postfixes, one binding internally, one binding
externally.
On the external: pretent it's a normal mail host, accepting only
specified domain, with transport entry to the internal postfix, or
delivering to the hosts directly
On the internal: use a smtpd_client_restriction, rejecting all, except
the allowed smtp servers

2. trying to somehow get this in one postfix.cf, using a dirty
combination of the above.
using client restrictions, rejecting 10.*, accepting 10.0.0.10 (whatever
your mailserver's IP addresses are), and accepting the rest; combined
with normal check_relay_domain functionality

Greetings

Mark

-- 
 Mark Huizer - markmadison-gurkha.com - xaatimewasters.nl - xaadohd.org
 Ah, women.  They make the highs higher and the lows more frequent.	
        -- Friedrich Nietzsche						

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]