Magnus Bäck wrote: > > On Tuesday, January 20, 2009 at 03:33 CET, > Jacky Chan <jac...@wkg1.umac.mo> wrote: > >> Yeap, I finally got your idea. And I don't expect that is such easy to >> configure. >> Indeed for mynetwork parameter, I do have a list of IP to be >> restricted so I want it to be located on an external file but not in >> main.cf >> As advised by Magnus, how do I create the external iplist.cidr >> >> # main.cf >> mynetworks = cidr:/etc/postfix/iplist.cidr >> >> # /etc/postfix/iplist.cidr >> >> !192.168.1.1 >> !192.168.1.2 >> 192.168.1.3 >> !192.168.0.0/16 >> >> In iplist.cidr, how about I don't supply the result, such as OK or >> REJECT? Is that OK? > > No, see cidr_table(5). You'll also note that the manual page doesn't say > anything about using ! for negation, and that's because it's a special > feature of mynetworks. Just drop the cidr: on the mynetworks line. > > [...] > > -- > Magnus Bäck > mag...@dsek.lth.se > >
In summary, the configuration involved # main.cf mynetworks = /etc/postfix/iplist.cidr smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination # /etc/postfix/iplist.cidr 192.168.1.0 OK !192.168.2.10 192.168.2.20 REJECT 192.168.0.0 REJECT But I found the two REJECT statements don't work, I still can send mail from 192.168.2.20 where the destination is in mydestination or not. I don't know whether I understand REJECT correctly or not in cidr under mynetwork (which I can REJECT in man cidr_table), what should be the result supposed to be in this case? Or I can do it at firewall level too. Best, Jacky -- View this message in context: http://www.nabble.com/Upon-IP-address%2C-restrict-sending-destination.-tp21536576p21559931.html Sent from the Postfix mailing list archive at Nabble.com.
