on 02/03/2011 10:05 AM Stan Hoeppner wrote the following: > Aggelos put forth on 2/2/2011 10:49 PM: >> on 02/03/2011 05:24 AM Aggelos wrote the following: >> >>> With that setup, if I wanted to accept mail from a specific Internet IP, >>> which would otherwise be filtered out, how would I do it? >>> >> >> I meant clients that are rejected like so: >> Feb 3 06:46:59 viper postfix/smtpd[3924]: NOQUEUE: reject: RCPT from >> unknown[62.1.42.20]: 450 4.7.1 Client host rejected: cannot find your >> hostname, [62.1.42.20]; from=<www-d...@insomnia.gr> >> to=<a...@vergina.dyndns.org> proto=ESMTP helo=<mail.insomnia.gr> > > One possible method, using a cidr table: > > smtpd_recipient_restrictions = > check_client_access cidr:/etc/postfix/whitelist.cidr >>>>> reject_invalid_hostname, >>>>> reject_non_fqdn_hostname, >>>>> reject_non_fqdn_sender, >>>>> reject_non_fqdn_recipient, >>>>> reject_unknown_sender_domain, >>>>> reject_unknown_recipient_domain, >>>>> reject_unknown_client, >>>>> reject_unknown_hostname, >>>>> permit_mynetworks, >>>>> reject_unauth_destination, >>>>> check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, >>>>> check_helo_access hash:/etc/postfix/helo_checks, >>>>> check_sender_access hash:/etc/postfix/sender_checks, >>>>> check_client_access hash:/etc/postfix/client_checks, >>>>> check_client_access pcre:/etc/postfix/client_checks.pcre, >>>>> reject_rbl_client zen.spamhaus.org, >>>>> permit > > /etc/postfix/whitelist.cidr > 62.1.42.20 permit_auth_destination > > Thanks.
1) Where should this be placed? Should it be first in smtpd_recipient_restrictions ? I tried it and it worked when placed just after reject_unknown_recipient_domain (before reject_unknown_client). 2) Also tried 62.1.42.20 OK in /etc/postfix/client_checks and moving check_client_access hash:/etc/postfix/client_checks as above (before reject_unknown_client) which also worked. Which one of the two is more safe?
