Hi there! Can someone give me a hint:
I've two postfix servers which both have two NICs, one with an official IP to the internet, and one with a private IP to the internal LAN. I want to permit SMTP from the outside via submission port with SMTP Auth. It runs like expected with the older 2.0.18 server (see master.cf snippet below) with internal and external clients. But with the newer 2.3.8 server it only runs with external clients. I get "554 5.7.1 <unknown[PRIVATE-IP]>: Client host rejected: Access denied; from= [...]". (The client didn't reach SASL authentication state.) I've to add "permit_mynetworks" as first item to smtpd_client_restrictions to send with internal clients. "permit_sasl_authenticated" should be enough, in my opinion - especially because it runs for external internet clients which are not member of $mynetworks. Where's my mistake? Possibly there's some preferred rule at the older 2.0.18 system, which will permit $mynetwork (internal LAN) clients before master.cf's submission "smtpd_client_restrictions=permit_sasl_authenticated,reject" can take effect? ------------------------------------------------------------------------------------- Postfix 2.3.8 master.cf [...] submission inet n - - - - smtpd [...] -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject [...] ------------------------------------------------------------------------------------- Postfix 2.0.18 master.cf [...] submission inet n - - - - smtpd -o cleanup_service_name=pre-cleanup [...] -o smtpd_client_restrictions=permit_sasl_authenticated,reject [...] ------------------------------------------------------------------------------------- Thanks, Hasso
