On 8/26/2013 10:24 PM, John Allen wrote:
> I based it something that Noel Jones wrote way back in 2008.
I doubt that Noel suggested anything like this.
> Create a file of the networks you wish to deny access to eg.
> “Deny_Mynetworks_Access” the content of which will be the same networks
> as those found in the mynetworks parameter of the main.cf file for example:
>
> 192.168.0.0/16 REJECT local access not permitted
> n.n.n.n/28 REJECT local access not permitted
> [nnnn:nnnn:nnnn::]/64 REJECT local access not permitted
>
> remove the permit_mynetworks from all the various
> smtpd_xxxx_restrictions stanzas of main.cf. Then modify the master.cf by
> adding
> -o smtpd_client_restrictions=hash:Deny_Mynetworks_Access,.....
> to the smtp service, and add
> -o smtpd_client_restrictions=permit_mynetworks,.....
> to the submission service.
This unnecessary and complex and actually won't work as stated. All
that is required is a one line change to master.cf and a CIDR file:
/etc/postfix/master.cf
...
smtp inet n - - - 20 smtpd
-o smtpd_client_restrictions=check_client_access,\
cidr:/etc/postfix/deny-local.cidr
/etc/postfix/deny-local.cidr
192.168.0.0/16 REJECT local access not permitted
Aug 27 01:28:21 greer postfix/smtpd[31670]: NOQUEUE: reject: RCPT from
gffx.hardwarefreak.com[192.168.100.53]: 554 5.7.1
<gffx.hardwarefreak.com[192.168.100.53]>: Client host rejected: local
access not permitted; from=<s...@hardwarefreak.com> to=<x...@gmail.com>
proto=ESMTP helo=<[192.168.100.53]>
--
Stan
