On Monday, January 19, 2009 at 08:11 CET,
Jacky Chan <jac...@wkg1.umac.mo> wrote:
> Magnus Bäck wrote:
[...]
> > Also, you probably don't want to return OK for 192.168.1.0/24. That
> > means that all restrictions listed after your check_client_access
> > restriction will be bypassed, and this is probably not what you
> > want.
>
> Hi, Magnus. Thank you very much for your advise and I changed the
> configuration as below.
> Would you mind to have a look and please point out what I missed.
> I highlighted the modification in BOLD.
Your message was in plain text so nothing was bold.
> #/etc/postfix/main.cf
> mynetworks = cidr:/etc/postfix/access
>
> smtpd_client_restrictions = check_client_access cidr:/etc/postfix/access
> smtpd_recipient_restrictions = check_client_access
> cidr:/etc/postfix/access,permit_mynetworks, reject_unauth_destination
> smtpd_restriction_classes = local_only
> local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
>
> # /etc/postfix/access
> 192.168.1.55 REJECT
> 192.168.1.56 REJECT
> 192.168.1.0/24 RELAY
RELAY is not listed in access(5) as a valid access table action so I
suggest you don't use it. Please also note my last paragraph (quoted
above) about removing that line alltogether. But do follow Noel's
advice -- unless you have special requirements you're making this
unnecessarily complex.
--
Magnus Bäck
mag...@dsek.lth.se
