Different Postfix Access Policy Delegation

Today I got some hints how to use different Access Policy Delegation with postfix. This it opens the possibility to use different check_policy_service in dependency on sender address, client ip ... and so on.

Create aliases for groups of access restrictions in /etc/postfix/main.cf:

smtpd_restriction_classes = policy1,
                            policy2,
policy1 = check_policy_service inet:127.0.0.1:12525
policy2 = check_policy_service inet:127.0.0.1:12526

Create "/etc/postfix/ip_rules.cidr":

# echo "127.0.0.1 policy1" > /etc/postfix/ip_rules.cidr
# echo "127.0.0.2 policy1" >> /etc/postfix/ip_rules.cidr
# echo "0.0.0.0/0 policy2" >> /etc/postfix/ip_rules.cidr

Add check_client_access cidr:/etc/postfix/ip_rules.cidr at the end of smtpd_recipient_restrictions in /etc/postfix/main.cf

In this scenario you can have different access policies based on the client ip. It is also possible to base it on client reverse dns with help of pcre maps and recipient/sender address and hash maps

Show Comments