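I am configuring a Postfix relay hosted at a cloud provider. I want to allow relay access only from my company's public IPs and for an exact list of senders. So here is my main.cf configuration: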
mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24
smtpd_recipient_restrictions = permit_mynetworks,
    check_sender_access hash:/etc/postfix/allowed_senders,
    reject_unauth_destination
allowed_senders looks like this:
[email protected] OK
[email protected] OK
[email protected] OK
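If I keep these settings, allowed_senders is ignored, whether I put it before or after the permit_mynetworks setting. If I remove permit_mynetworks, allowed_senders works fine.
So, how can I restrict access to this relay by both source IP address and sender email address?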
Answer 1
I asked on the Postfix mailing list and got a reply. Here is the working configuration:
main.cf:
mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24
# No relaying from untrusted networks
smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination
# Also, no relaying by unauthorized senders
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/allowed_senders,
    reject_unauth_destination
# Apply UCE controls to remote clients
smtpd_recipient_restrictions =
    permit_mynetworks,
    ... anti-spam rules if any ...
allowed_senders:
# Just in case, reject relay attempts from untrusted networks
#
[email protected] permit_mynetworks, reject_unauth_destination
[email protected] permit_mynetworks, reject_unauth_destination
[email protected] permit_mynetworks, reject_unauth_destination
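
Why the layout in the answer works where a single list did not, as an added example that is not part of the original posts or of Postfix itself: a simplified Python model of restriction evaluation, in which the first PERMIT or REJECT ends a list and a recipient is accepted only if no list rejects it. The networks, addresses and the LOCAL_DOMAINS name are constructed sample values, and outcomes such as DEFER are left out.

```python
import ipaddress

# Constructed sample values (documentation ranges), not the poster's data.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"relay.example.net"}  # assumed: domains the relay delivers itself
ALLOWED = {"app@example.com"}          # assumed keys of the allowed_senders map

def run_list(restrictions, client, sender, rcpt, sender_map):
    """Evaluate one restriction list; the first PERMIT or REJECT ends it."""
    for r in restrictions:
        if r == "permit_mynetworks":
            if any(ipaddress.ip_address(client) in n for n in MYNETWORKS):
                return "PERMIT"
        elif r == "reject_unauth_destination":
            if rcpt.rsplit("@", 1)[1] not in LOCAL_DOMAINS:
                return "REJECT"
        elif r == "check_sender_access":
            action = sender_map.get(sender)  # no match: DUNNO, keep going
            if action == "OK":
                return "PERMIT"
            if action:  # a map value may itself be a restriction list
                verdict = run_list(action, client, sender, rcpt, sender_map)
                if verdict != "DUNNO":
                    return verdict
    return "DUNNO"

def decide(config, client, sender, rcpt):
    """Accept only if no restriction list rejects the recipient."""
    lists, sender_map = config
    for restrictions in lists:
        if run_list(restrictions, client, sender, rcpt, sender_map) == "REJECT":
            return "REJECT"
    return "ACCEPT"

# The question's single list: PERMIT from permit_mynetworks ends it early.
QUESTION = ([["permit_mynetworks", "check_sender_access",
              "reject_unauth_destination"]], {s: "OK" for s in ALLOWED})
# The answer's layout: sender, relay and recipient lists each get a say.
ANSWER = ([["check_sender_access", "reject_unauth_destination"],
           ["permit_mynetworks", "reject_unauth_destination"],
           ["permit_mynetworks"]],
          {s: ["permit_mynetworks", "reject_unauth_destination"] for s in ALLOWED})

if __name__ == "__main__":
    for client, sender in (("192.0.2.10", "app@example.com"),
                           ("192.0.2.10", "other@example.com"),
                           ("198.51.100.7", "app@example.com")):
        print(client, sender, decide(ANSWER, client, sender, "rcpt@example.org"))
```

On a real server, `postmap -q` against the allowed_senders map and a test submission from inside and outside mynetworks confirm the same three outcomes.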