Thanks to everyone for the informed and speedy replies! They definitely put me in the right direction.
This worked perfectly: mynetworks = hash:/etc/postfix/access -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Monday, December 28, 2015 4:21 PM To: postfix-users@postfix.org Subject: Re: allow by IP? On 12/28/2015 3:08 PM, Gomes, Rich wrote: > Good day, > > I am making the switch from running Sendmail as an internal relay to using > Postfix. > With Sendmail, I can restrict relaying by IP using the /etc/mail/access file. > > I cannot seem to find an equivalent of this in Postfix. > > I have read about using > smtpd_client_restrictions = check_client_access > hash:/etc/postfix/access > > But it only "works" if I specifically say REJECT. > The only method that works is to use 'mynetworks_style = subnet' (test > machine happens to be on same subnet as the postfix server) but that > is not what I want > > I want to put all the IPs I want to allow relay in a file and have postfix > only read that. > I don't want to put them all in main.cf, as there will be several hundred and > we do not allow entire subnets, even server-based subnets. > > > This is an internal relay used by internal applications that will either pass > mail off to our Exchange server (internal users) or to the internet (external > users). > I won't need any other configuration. > > > > Thank you in advance > > > > Rich > > > Please see http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from http://www.postfix.org/postconf.5.html#mynetworks The simplest way to use mynetworks is a list of IPs in a flat file, one per line. You'll need to run "postfix reload" after editing the file. # main.cf mynetworks = /path/to/mynetworks # mynetwork 192.168.1.101 10.10.1.100 ... Other supported formats are listed in the docs. Note that when you specify mynetworks by hand, the mynetworks_style parameter is ignored. -- Noel Jones
