hi there,

i am trying to create an internal mailing list but with only
a couple of vip users as allowed senders.  based on
RESTRICTION_CLASS_README i came up with the following:

/etc/postfix/main.cf:
smtpd_restriction_classes = vip_only
vip_only = check_sender_access hash:/etc/postfix/vip, reject

smtpd_helo_restrictions =
        permit_mynetworks

smtpd_sender_restrictions =
        reject_unlisted_sender
        reject_non_fqdn_sender
        reject_unknown_sender_domain

smtpd_recipient_restrictions =
        check_recipient_access regexp:/etc/postfix/rcpt_checks
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        reject_unknown_recipient_domain

/etc/postfix/vip:
# these are the allowed senders
adr1 <at> mydomain.com
adr2 <at> mydomain.com

/etc/postfix/rcpt_checks:
# there are a couple of .list adresses, e.g. test.list
# members of the big lists are defined in /etc/aliases (with :include),
# smaller ones are in /etc/postfix/virtual
/.*\.list/	vip_only

this seems to work ok for remote addresses (access denied),
but local users (root) can still send to test.list
even if it's not in the vip file.  is this because
those mails are handled by local(8) instead of smtpd(8)?
in the readme the example is basically the same but
with a hash table instead of a regexp one..

-f
-- 
plus puto, minus scio -- the more i learn, the less i know