On Thu, Dec 30, 2010 at 02:09:57PM -0600, michael.lar...@wellsfargo.com wrote:

> Perhaps I misunderstood, but you said:
> 
> > With this all mail is discarded unless *all* (my emphasis) the conditions 
> > below are met:
> > 
> >     - From an allowed SMTP client (IP address CIDR table)
> >     - From an allowed envelope sender (indexed via postmap lookup table)
> >     - To an allowed envelope recipient (indexed via postmap lookup table)
> 
> Which isn't what I want. For hosts in client_access, I don't want any
> sender/recipient evaluation - I just want it to flow through - all of
> it. For hosts not in client_access, I want it assumed they're allowed,
> but the sender/recipient restrictions asserted.

In that case change the client restrictions to "OR", but keep sender
and recipient as "AND".

    main.cf:

        indexed = ${default_database_type}:${config_directory}/
        cidr = cidr:${config_directory}/

        smtpd_restriction_classes = discard_all
        discard_all = static:discard

        smtpd_sender_restrictions =
            check_sender_access ${indexed}allowed-senders
            check_client_access ${cidr}allowed-clients,

        smtpd_recipient_restrictions =
            check_recipient_access ${indexed}allowed-recipients,
            check_client_access ${cidr}allowed-clients,
                #
                # Required to appease validation logic; in practice,
                # allowed-clients will permit all IPs, some to deliver
                # and the rest to discard.
                #
            reject

    allowed-clients:
        192.0.2.1       permit
        0.0.0.0/0       discard_all, permit

-- 
        Viktor.
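
An added example, not part of Viktor's message: a simplified Python model of first-match lookup in the allowed-clients CIDR table above, showing which row each client hits and what falls through. The function names and the sample client addresses are constructed for illustration, and only plain "pattern result" lines are modelled.

```python
import ipaddress

# The allowed-clients table from the message above, copied verbatim.
ALLOWED_CLIENTS = """\
192.0.2.1       permit
0.0.0.0/0       discard_all, permit
"""

def parse_cidr_table(text):
    """Parse plain 'pattern result' lines; '#' comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern), result.strip()))
    return rules

def lookup(rules, client_ip):
    """Return the result of the first matching pattern, or None if none match.

    None models 'not found': Postfix then moves on to the next restriction
    in the list (in smtpd_recipient_restrictions above, that is `reject`).
    """
    addr = ipaddress.ip_address(client_ip)
    for network, result in rules:
        # An IPv4 pattern never matches an IPv6 address, and vice versa.
        if addr.version == network.version and addr in network:
            return result
    return None

def describe(rules, client_ip):
    """Format one lookup outcome as a line of text."""
    result = lookup(rules, client_ip)
    shown = result if result is not None else "no match (falls through)"
    return f"{client_ip:<14} -> {shown}"

if __name__ == "__main__":
    rules = parse_cidr_table(ALLOWED_CLIENTS)
    # Constructed sample client addresses (documentation ranges).
    for ip in ("192.0.2.1", "198.51.100.7", "2001:db8::1"):
        print(describe(rules, ip))
    # Same rows with the catch-all first: the specific permit is shadowed.
    swapped = parse_cidr_table("\n".join(reversed(ALLOWED_CLIENTS.splitlines())))
    print("swapped order:", describe(swapped, "192.0.2.1"))
```

The IPv6 client matches neither row, so on a host that accepts IPv6 connections the table would need a `::/0` row to give those clients the same discard treatment.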
