Accept mail for domain only from certain IP blocks, for instance MX

    Years ago I found code for a Sendmail mc file to accept mail from certain IP blocks on a per-domain basis. We have used this to great effect on Sendmail servers when turning an external spam filtering service on or off for mail accounts move, no firewall changes, it is set on a per-domain (not per-account) basis, and we can refuse mail for a domain unless it comes through the service.

    With PPA/Plesk and Postfix, is there a way to accomplish that? My thoughts were:
    • limit only by firewall
      - requires the mail to move to a different mail service node
      - can't autoprovision since PPA may pick either node
    • add a second IP to a mail service node, and limit by firewall
      - requires IP change
      - PPA DNS templates will be incorrect, pointing to the node's primary IP
    Any other suggestions? It would be awesome if there was a setting for each domain to do this...
