> > On the external: pretent it's a normal mail host, accepting only
> > specified domain, with transport entry to the internal postfix, or
> > delivering to the hosts directly
> > On the internal: use a smtpd_client_restriction, rejecting all, except
> > the allowed smtp servers
> I'm trying to get rid of this (seperate sendmail process on the internal and
> the external interface). But you probably know that :-)
well, at least I can imagine you'd want that.
>
> > 2. trying to somehow get this in one postfix.cf, using a dirty
> > combination of the above.
> > using client restrictions, rejecting 10.*, accepting
> > 10.0.0.10 (whatever
> > your mailserver's IP addresses are), and accepting the rest; combined
> > with normal check_relay_domain functionality
> I'm trying that, but it tends to become very complex.
Hmm... shouldn't be too hard I guess...
Let me see...

smtpd_client_restriction =
    check_client_access hash:/etc/postfix/client_access,
    accept

With client_access (forgimme, don't know the exact syntax of that file):

10.0.0.1 ACCEPT
10.0.5.1 ACCEPT
10.0.0.0 500 Go use our nifty backbone!

I'd say that is all there is to it.
All the administration for the accepted mailservers is in one file,
which might fit nicely in your configuration tools, I guess

Mark

-- 
 Mark Huizer - markmadison-gurkha.com - xaatimewasters.nl - xaadohd.org
 Every man has one thing he can do better than anyone else;		
 usually it is reading his own handwriting (G.Norman Collie)		

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]