l...@airstreamcomm.net:
> We would like to block a couple ranges of IPs before a SASL login is 
> able to happen.  smtpd_recipient_restrictions looks like this:
> 
> smtpd_recipient_restrictions =
>          permit_mynetworks,
>          check_client_access cidr:/etc/postfix/restricted
>          permit_sasl_authenticated,
>          check_client_access mysql:/etc/postfix/authb4smtp.cf,
>          reject_unauth_destination
> 
> Just want to confirm this configuration will reject connections before 
> SASL is allowed.  Also, would it make more sense to put the 
> check_client_access cidr:/etc/postfix/restricted in 
> smtpd_client_restrictions instead?

Won't work unless you change smtpd_delay_reject, which creates other
problems (like not knowing what mail you're blocking).

Instead I suggest that you look for smtpd_sasl_exceptions (obsolescent)
and smtpd_discard_ehlo_keyword_address_maps.

        Wietse
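
An added example (not part of the original thread) of the smtpd_discard_ehlo_keyword_address_maps approach suggested above: a CIDR table that makes Postfix withhold the AUTH keyword from its EHLO response for selected client ranges. The table path /etc/postfix/discard_ehlo.cidr and the address ranges (RFC 5737 documentation ranges) are assumptions chosen for illustration.

```conf
# /etc/postfix/main.cf
# The connecting client's IP address is looked up in this table; the
# lookup result is the list of EHLO keywords to withhold from that client.
smtpd_discard_ehlo_keyword_address_maps =
    cidr:/etc/postfix/discard_ehlo.cidr

# /etc/postfix/discard_ehlo.cidr   (hypothetical path, constructed ranges)
# pattern             keywords to discard
192.0.2.0/24          auth
198.51.100.0/24       auth
# Adding the pseudo keyword "silent-discard" to a result suppresses the
# log record for that entry; leaving it out keeps the discard visible
# in the mail log.
```

A cidr: table is read as plain text and needs no postmap build step; run `postfix reload` after editing it. A lookup can be checked with `postmap -q 192.0.2.10 cidr:/etc/postfix/discard_ehlo.cidr`, which should print `auth`.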
