> On Feb 14, 2015, at 16.14, John <j...@klam.ca> wrote: > > Does mynetworks have to contain anything other than 127.0.0.1/8 and ::1/128.
for whatever it's worth, my personal preference is to, as a rule, always set mynetworks to empty. i make an effort to not allow relaying based on source ip address, and in the occasional scenario in which it cannot be avoided [typically antiquated client software or sometimes "appliances" which cannot do encryption/smtp auth], i use check_client_access with a cidr map. the end result is the same, but i find it more explicitly conveys what is going on. -ben
