Restrict relaying from local network by sender address

From: Ondrej Baudys (obaudysgmail.com)
Date: Wed Aug 15 2007 - 19:56:27 CDT


Hello list,

Apologies in advance if the solution to my question is obvious; I'm a
Postfix novice.

I have the following requirements for my mail server:

1. accept mail for local recipients or addresses in
virtual_alias_maps table (from any sender)

2. relay mail to the outside world from the local network (10.0.100.0)
ONLY if the sender's domain (as given in the envelope) is
mycompany.com except for baduser@mycompany.com

The first requirement is no problem for me but in attempting to
implement the second one (using smtp_sender_restrictions,
smtp_client_restrictions, or smtpd_recipient_restrictions, and using
check_client_access or check_sender_access tables), I just end up
rejecting legitimate emails either from the outside world for local
address or from local addresses and IPs to the outside world.

Can anyone shed any light on how I can implement requirement 2 above?
How can I further restrict relaying based on sender address, and not
just permit mynetworks?

My current (working for requirement 1.) Postfix configuration:

myhostname = mail.mycompany.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

mydestination = benny.mycompany.com, benny,
   mail.mycompany.com, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8, 10.0.100.0/24, 10.0.102.0/24
smtpd_client_restrictions = permit_mynetworks,
   permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,
     permit_sasl_authenticated, check_relay_domains

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# let up to 20MB messages thru.
message_size_limit = 20480000

# config for smtp auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

virtual_alias_maps = hash:/etc/postfix/virtual

--
Ondrej Baudys
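
One way to express requirement 2 with a Postfix restriction class, as an added example that is not part of the original post. The class name relay_by_sender and the files /etc/postfix/relay_clients and /etc/postfix/relay_senders are hypothetical; the other networks in mynetworks are assumed to keep their current relay rights.

```conf
# --- /etc/postfix/main.cf (only the lines that change) ---
# Hypothetical class: permit a listed envelope sender, reject everyone else.
smtpd_restriction_classes = relay_by_sender
relay_by_sender =
    check_sender_access hash:/etc/postfix/relay_senders,
    reject

# Rules are evaluated in order; the first PERMIT or REJECT decides.
#  1. permit_auth_destination: mail for destinations this server is
#     responsible for is accepted from any sender (requirement 1).
#  2. permit_sasl_authenticated: unchanged from the posted configuration.
#  3. check_client_access: clients in 10.0.100.0/24 are handed to the
#     relay_by_sender class, which always ends in PERMIT or REJECT.
#  4. permit_mynetworks: reached only by the remaining mynetworks clients.
#  5. reject_unauth_destination: everything else may not relay.
smtpd_recipient_restrictions =
    permit_auth_destination,
    permit_sasl_authenticated,
    check_client_access cidr:/etc/postfix/relay_clients,
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/relay_clients (cidr table, no postmap needed) ---
10.0.100.0/24    relay_by_sender

# --- /etc/postfix/relay_senders (hash table) ---
# access(5) looks up the full address before the domain, so the
# REJECT for the single address wins over the OK for its domain.
baduser@mycompany.com    REJECT
mycompany.com            OK

# --- after editing, run from a shell ---
# postmap /etc/postfix/relay_senders
# postfix check && postfix reload
```

The check is made against the envelope sender (MAIL FROM), which the client chooses, so it enforces policy for well-behaved local hosts rather than authenticating them. Messages with the null sender (<>) from 10.0.100.0/24 to outside recipients are rejected by this class as well.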