One more thing to keep in mind. When used with mynetworks, as I already explained, the RHS of the table entries is ignored. Therefore, your attempt at a reject rule:

    10.147.11.11 reject

is completely ineffective. If you want to use CIDR rules with exceptions to define trusted clients, you need an access(5) table. Therefore, you'd need to replace all instances of:

    permit_mynetworks

with

    check_client_access ${cidr}trusted-clients.cidr

and then the RHS values are as documented in access(5).

    http://www.postfix.org/access.5.html

Keep in mind that CIDR table matching is order dependent, first match wins regardless of specificity. Therefore, list more specific patterns above less specific ones:

    10.147.11.11    REJECT November 11 is an unwelcome enemy
    10.147.11.0/24  OK All other days in November are good

or:

    10.147.11.11    DUNNO November 11 is a stranger in a strange land
    10.147.11.0/24  OK All other days in November are fine

--
    Viktor.
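The ordering rule from the message above, as an added example that is not part of the original post and is not Postfix code: a small Python model of first-match CIDR lookup, plus a check that flags entries shadowed by an earlier, broader pattern. The function names and the two sample tables are constructed for illustration, and only simple "pattern result" lines are handled.

```python
import ipaddress

# Constructed sample tables built from the addresses in the message above.
SPECIFIC_FIRST = """\
10.147.11.11    REJECT November 11 is an unwelcome enemy
10.147.11.0/24  OK
"""
BROAD_FIRST = """\
10.147.11.0/24  OK
10.147.11.11    REJECT November 11 is an unwelcome enemy
"""

def parse(text):
    """Parse simple 'pattern result' lines into (network, rhs) pairs.

    Assumption: no if/endif blocks or negated patterns; comments and
    blank lines are skipped.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        rhs = fields[1] if len(fields) > 1 else ""
        rules.append((ipaddress.ip_network(fields[0]), rhs))
    return rules

def lookup(rules, client):
    """Return the RHS of the first matching rule, or None (first match wins)."""
    ip = ipaddress.ip_address(client)
    for net, rhs in rules:
        if ip in net:
            return rhs
    return None

def shadowed(rules):
    """List (pattern, earlier_pattern) pairs where the later rule can never match."""
    hits = []
    for i, (net, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if net.version == earlier.version and net.subnet_of(earlier):
                hits.append((str(net), str(earlier)))
                break
    return hits

if __name__ == "__main__":
    for name, table in (("specific first", SPECIFIC_FIRST), ("broad first", BROAD_FIRST)):
        rules = parse(table)
        print(name, "->", lookup(rules, "10.147.11.11"), "| shadowed:", shadowed(rules))
```

A non-empty result from `shadowed()` means an exception entry sits below the network that contains it and will never be consulted.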