PPoossttffiixx 饤////¾¾ȤΥ

-------------------------------------------------------------------------------

PPoossttffiixx ¥饹

Postfix SMTP Ф SMTP  access(5) ơ֥α¦ʬ
reject_rbl_client  reject_unknown_client Ȥä¤򥵥ݡȤ
ޤˤꥯ饤Ȥ桼Ȥ˰ۤʤ른󥯥᡼¤
뤳ȤǤ褦ˤʤޤ

ƤμԤ˥¤ΥꥹȤꤷƤȡˤʤä
ޤޤPostfix ¥饹ˤä UCE ¤Υ롼פ ("permissive" 
"restrictive" ʤɤΤ褦) Ф䤹̾դ뤳Ȥ褦ˤʤޤ

Postfix ¥饹¸ߤͳϤäȸŪʤΤǤ: Postfix access
ơ֥α¦ʬˤϸơ֥ꤹ뤳Ȥޤ󡣤 Postfix 
äƸơ֥򳫤ɬפ뤿ǤɼԤϤΤ褦٥
ܺ٤Ϥ餯ˤޤ

:

    /etc/postfix/main.cf:
        smtpd_restriction_classes = restrictive, permissive
        restrictive = reject_unknown_sender_domain reject_unknown_client ...
        permissive = permit

        smtpd_recipient_restrictions =
    	permit_mynetworks
    	reject_unauth_destination
    	hash:/etc/postfix/recipient_access

    /etc/postfix/recipient_access:
        joe@my.domain	permissive
        jane@my.domain	restrictive

Ȥȡ饤Ȥ heloԡԤȤ SMTPD access ơ֥
¦ʬ "restrictive"  "permissive" Ȥޤ

ΥɥȤλĤʬǤ Postfix access ¥饹λȤ
ޤ:

  * Υ᡼󥰥ꥹȤԤä롢
  * Ԥˤ볰ؤΥɤ

μˤ˾夬äƤޤPostfix ¥饹Ǥ
ʤȤȤ򡢤ˤä餫ˤ뤳ȤäƤޤ
߷פΰտ̤˻Ȥ٤Ǥꡢ饤Ȥ桼Ȥ˰ۤʤ른
᡼¤Ȥ٤Ǥ

EE᡼ۥꥹȤݸ

    E᡼ۥꥹȤ褦Ȼפޤall@our.domain.com Τ褦
    ΤǡϽȰƤФ륨ꥢǤǽ aliases ޥåפ
    ȤȻפäΤǤ"all"  "" 饢Ǥ褦ˤʤä
    ޤΤǡ˾ޤޤ... :-)

Postfix ϥɥ쥹Ȥ access ƤޤʲΤΤ SMTP
饤 IP ɥ쥹򸵤ˤƤꡢΤ IP סե󥰤αƶ
ޤ

    /etc/postfix/main.cf:
        smtpd_recipient_restrictions =
            hash:/etc/postfix/access
            ...the usual stuff...

    /etc/postfix/access:
        all@my.domain   permit_mynetworks,reject
        all@my.hostname permit_mynetworks,reject

ƥब ddbb ե ddbbmm ȤäƤΤǤС hhaasshh 
ddbbmm ꤷƤPostfix ݡȤƤޥåפηΤˤϡ
ppoossttccoonnff --mm ޥɤȤäƤ

ơʤΥޥƤΥ󥿡ͥåȥ᡼򥤥󥿡ͥåȤľܼ
ˤϤǽʬǤͥåȥե⾯礭ԹǤ
㤨СХåå MX ۥȤϳΥ᡼Υ饤 IP ɥ쥹
"狼ʤ" ƤޤΤǡ᡼Ͽꤵ줿ޥ󤫤Ƥ褦
Ƥޤޤ

Ūʾ硢2Ĥθơ֥Ȥɬפޤ: 1Ĥݸɬפ
ꥹȥåפơ֥ǡ⤦1Ĥݸ줿ؤ
ɥᥤꥹȥåפơ֥Ǥ

ʲԤ SMTP ٥ץɥ쥹˴ŤΤʤΤǡSMTP Ԥ
ʤꤹޤαƶޤ

    /etc/postfix/main.cf:
        smtpd_recipient_restrictions =
            hash:/etc/postfix/protected_destinations
            ...the usual stuff...

        smtpd_restriction_classes = insiders_only
        insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

    /etc/postfix/protected_destinations:
        all@my.domain   insiders_only
        all@my.hostname insiders_only

    /etc/postfix/insiders:
        my.domain       OK  matches my.domain and subdomains
        another.domain  OK  matches another.domain and subdomains

SMTP ԥɥ쥹ʤꤹޤФ褤ʤΤǡΥ򤹤Τ
ŪñǤ

ꥹȤϤǤС餯ǥ졼Ȥ̣Ǥ礦

ȳ˥᡼Ǥ桼¤

    桼ϥ󥿡ͥåȤ˥᡼ǤơʳϽʤ褦
    ˤϡPostfix ɤΤ褦ꤹФ褤ΤǤ礦Ǥʤ
    桼ϰŪʥХ󥹥å褦ˤޤΤ褦ʥ
    ¤ɬפɤϵʤǤηǤϤʤΤǡ

Postfix ϥ桼Ȥ¤򥵥ݡȤƤޤ¤ SMTP ФˤäƼ
ƤޤĤޤꡢݥꥷˤä桼 SMTP Фˤäƥ᡼
ݤޤΤ褦:

    554 <user@remote>: Access denied

ˤ2Ĥθơ֥Ȥޤ1Ĥϥ᡼褬¤줿
桼ơ֥ǡ⤦1ĤϤɤ褬뤫ơ֥
Ǥ򤢤桼ȳ˥᡼ǤơۤȤɤ
桼¤ȤޤѹΤϡɼԤνˤޤ

Ǥ DB/DBM եꤷƤޤLDAP  SQL ǤǤޤ

    /etc/postfix/main.cf:
        smtpd_recipient_restrictions =
            check_sender_access hash:/etc/postfix/restricted_senders
            ...other stuff...

        smtpd_restriction_classes = local_only
        local_only =
            check_recipient_access hash:/etc/postfix/local_domains, reject

    /etc/postfix/restricted_senders:
        foo@domain      local_only
        bar@domain      local_only

    /etc/postfix/local_domains:
        this.domain     OK      matches this.domain and subdomains
        that.domain     OK      matches that.domain and subdomains

ƥब ddbb ե ddbbmm ȤäƤΤǤС hhaasshh 
ddbbmm ꤷƤPostfix ݡȤƤޥåפηΤˤϡ
ppoossttccoonnff --mm ޥɤȤäƤ

: Υޤϥ桼ǧڤ򤷤ʤᡢĤˡǲǤ
ޤޤ:

  * ¤δˤ䤫ʥ᡼졼ۥȤ̤ƥ᡼뤳Ȥˤäơ

  * ȳؤΥ᡼줿ïȤƥ᡼뤳Ȥˤäơ

