On Fri, 8 Aug 2008, Tony Finch wrote:
> On Fri, 8 Aug 2008, Peter Thomassen wrote:
> > stuff; that is already done by the main machine. Therefore I want to
> > narrow the "mail-in chain" to mail from this trusted machine.
> I think that kind of access restriction is the job of the access control
> lists, not the routers.
This ?
#!!# ACL that is used after the RCPT command
check_recipient:
accept hosts = :
# accept domains = +local_domains
# accept domains = +relay_domains
accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted
so just comment out the accept-domains line and restrict relay_hosts to
the single authorized machine (possibly add localhost).
