4 files changed, 11 insertions, 1 deletions

diff --git a/postfix/aliases b/postfix/aliases
index cfde663..58e75cd 100644
--- a/postfix/aliases
+++ b/postfix/aliases
@@ -10,3 +10,6 @@ ftp: postmaster
 abuse: postmaster
 
 postmaster: arf20
+
+announce: REDACTED
+
diff --git a/postfix/insiders b/postfix/insiders
new file mode 100644
index 0000000..43bdefe
--- /dev/null
+++ b/postfix/insiders
@@ -0,0 +1,2 @@
+arf20@arf20.com    OK
+
diff --git a/postfix/main.cf b/postfix/main.cf
index 3bb538f..7b71024 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -25,11 +25,14 @@ smtpd_relay_before_recipient_restrictions=no
 #   restriction options
 #     no client restrictions, allow all hosts to connect (for incoming mail)
 #     allow incoming messages from unauthenticated servers
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_destinations, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 #     allow relaying mail only from ARFNET users
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 #     only allow messages to be sent from arf20.com domain
 smtpd_sender_restrictions = reject_unknown_sender_domain
+#   restrict mailing lists to insiders
+smtpd_restriction_classes = insiders_only
+insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
 #   auth options
 smtpd_sasl_auth_enable=yes
 smtpd_sasl_type=dovecot
diff --git a/postfix/protected_destinations b/postfix/protected_destinations
new file mode 100644
index 0000000..e6e0720
--- /dev/null
+++ b/postfix/protected_destinations
@@ -0,0 +1,2 @@
+announce@arf20.com    insiders_only
+