On Wed, Jun 3, 2015 at 3:18 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 6/3/2015 11:18 AM, francis picabia wrote: >> On Wed, Jun 3, 2015 at 11:42 AM, Wietse Venema <wie...@porcupine.org> wrote: >>> francis picabia: >>>>> /etc/postfix/main.cf: >>>>> smtpd_client_restrictions = >>>>> check_client_access cidr:/etc/postfix/client_access.cidr >>>>> >>>>> /etc/postfix/client_access.cidr: >>>>> 1.2.3.4/24 DUNNO >>>>> 5.6.7.8/24 DUNNO >>>>> 0.0.0.0/0 FILTER foo:bar >>> ... >>>> How do I add the client_access.cidr to the list of checks? >>> >>> At the beginning of smtpd_client_restrictions. >> >> I don't understand this. Wouldn't that skip all of the following >> checks? > > No. All additional checks are performed as normal. > >> If it is from the general Internet, it would be sent off >> to amavis on 127.0.0.1 port 10024. > > It will be sent to the FILTER destination *after* the mail is > received normally and put in the queue, just like any other incoming > mail. > > > > -- Noel Jones
That is amazing. This was not revealed to me by the doc for smtpd_client_restrictions. What I saw matched my experiences with configuring this over the years... "Restrictions are applied in the order as specified; the first restriction that matches wins". There is a section under http://www.postfix.org/SMTPD_ACCESS_README.html on delayed evaluation of access restriction lists, but it did not say anything about how FILTER fits into the flow. I'm glad it provides a solution and I was able to get this help from everyone.
