Ronald F. Guilmette: > > I really should have figured this out ages ago, but... > > Quite simply, there exits a small number of organizations that > run afoul of my various smtpd_recipient_restrictions and/or my > smtpd_helo_restrictions, but from which I need to be able to > receive mail anyway. (A small number of companies get snagged > on reject_unknown_helo_hostname due to having botched the HELO > strings on their outbound mail servers, and also, in the case of > Microsoft, they seem to have managed to get numerous of their > IPs listed on Spamcop.) > > So anyway, I just now added the following to my pre-existing > list of smtpd_recipient_restrictions: > > check_client_access cidr:/usr/local/etc/postfix/blacklists/cidr-whitelist > > where my cidr-whitelist file currently contains just: > > # Microsoft > 65.52.0.0/14 OK > > Of course, I placed this new check_client_access clause above all of > the other/pre-existing clauses in my smtpd_recipient_restrictions.
Placing this before reject_unauth_destination will give them relay permissions (assuming that your system pre-dates smtpd_relay_restriction support). See: http://www.postfix.org/SMTPD_ACCESS_README.html#danger Wietse
