|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Restricting ip-address range for sasl_authenticated?
From: Wietse Venema (wietse
porcupine.org)
Date: Mon Apr 03 2006 - 18:34:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erik Persson:
> Hi,
>
> I have a problem that I haven't found any solution for.
> smtpd_recipient_restrictions seems to let you restrict, or allow, based
> on certain criteria, but as far as I understand it is a "or"-list, where
> the first matching rule takes precendence.
>
> In my case I have
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,reject_unauth_destination
>
> Which works fine, except that I want to restrict the ip-addresses for
> the SMTP AUTHed as well, but I can't figure out how.
Postfix's access language supports parentheses only by jumping
hoops. It's a little language that outgrew its capabilities years
ago.
The hoops go like this:
/etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_mynetworks
hash:/etc/postfix/sasl_access
reject_unauth_destination
/etc/postfix/sasl_access:
1.2.3.4 permit_sasl_authenticated
3.4.5.6 permit_sasl_authenticated
Instead of a hash: table, use cidr: (or both) if that's more convenient.
Wietse
> That is, I wan't to have the restrictions set by "permit_mynetworks" and
> "reject_unauth_destination", but then permit_sasl_authenticated only if
> the connection is originating from a certain ip-address range.
>
> Is this possible? And if so, how?
>
> /Erik Persson.
>
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]