其实原则比较简单,就是检查MAIL FROM:阶段的邮件地址,如果匹配规则中的地址,则应用相应的限制原则,否则按默认的规则。

配置方法:

1)在main.cf里定义如下的smtpd_restriction_classes:

# restrictions
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_ domains, reject

2)将main.cf里的smtpd_recipient_restrctions定义为:

smtpd_recipient_restrictions =
  check_s ender_access hash:/etc/postfix/local_senders
  permit_mynetworks,
  permit_ sasl_authenticated,
  reject_non_fqdn_ hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_ pipelining,
  reject_invalid_hostname

3)编辑/etc/postfix/local_senders:

foo@extmail.org      local_only
bar@extmail.org      local_only

4)编辑/etc/postfix/local_domains:

internal.foo.com         OK
internal.bar.com         OK

5)为3,4的文件建立hash:

# postmap hash:/etc/postfix/local_senders
# postmap hash:/etc/postfix/local_domains

最好用root生成上述hash。

这样,就定义了extmail.org域里的foo和bar两个用户,只能给internal.foo.com和internel.bar.com 两个域名发邮件。这两个域名就是常规说的内部邮件域了。

如果这两个用户企图给外部发邮件,将遇到如下错误:

554 5.7.1 < bar@extmail.org>: Sender address rejected: Access denied

这样就基本达到了目的了