On Mon, May 16, 2016 at 05:39:12PM +0000, Gomes, Rich wrote:
> My postfix servers are configured to read the access file when 
> connections are made but I have found that machines not in the 
> access file or even those which have REJECT as an action are 
> allowed to send mail.
> 
> I have specified it in my main.cf and run postmap access followed 
> by service postfix restart after I make changes
> 
> mynetworks = hash:/etc/postfix/access
> 
> 
> Is there a piece that I am missing?

Yes, you seem to be confused about how/where access(5) maps can be 
used.  They don't work for $mynetworks lookups.

Well, strictly speaking, it DOES work, but not how you would have 
intended.  Any positive result from your mynetworks lookup means the 
client is determined to be in mynetworks!

192.2.0.25              OK
192.2.0.16              REJECT Go away spammer

Oops!  So when 192.2.0.16 connects, Postfix sees it as a valid 
address in $mynetworks ... rather than rejecting, you just allowed 
open relaying for that spammer!

Perhaps the following README articles will help you:

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SMTPD_ACCESS_README.html

and see also:

http://www.postfix.org/postconf.5.html#mynetworks
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
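
Added example, not part of the original message and not Postfix code: a small Python audit that models the behaviour described in the reply above, where a mynetworks type:table lookup ignores the right-hand side, and lists every key that ends up trusted despite a blocking action. The main.cf excerpt, the table contents and all function names are constructed for illustration.

```python
import re

# access(5) results an administrator would expect to block or delay a client.
BLOCKING = re.compile(r"(REJECT|DEFER|DEFER_IF_PERMIT|DISCARD|HOLD|[45]\d\d)\b", re.I)
TABLE = re.compile(r"!?([a-z0-9_]+:\S+)$", re.I)  # type:table pattern, not a CIDR
MAIN_CF = """\
# constructed main.cf excerpt reproducing the setting from the thread
mynetworks = 127.0.0.0/8 [::1]/128
    hash:/etc/postfix/access
"""
ACCESS = """\
# constructed source of /etc/postfix/access, entries taken from the reply
192.2.0.25              OK
192.2.0.16              REJECT Go away spammer
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def mynetworks_tables(main_cf):
    """Return the type:table patterns listed in mynetworks."""
    tables = []
    for line in logical_lines(main_cf):
        name, _, value = line.partition("=")
        if name.strip() == "mynetworks":
            items = re.split(r"[,\s]+", value.strip())
            tables += [m.group(1) for m in map(TABLE.match, items) if m]
    return tables

def trusted_despite_action(main_cf, table_sources):
    """List (table, key, action) whose blocking action mynetworks never evaluates."""
    findings = []
    for table in mynetworks_tables(main_cf):
        path = table.split(":", 1)[1]
        for line in logical_lines(table_sources.get(path, "")):
            key, action = (line.split(None, 1) + [""])[:2]
            if BLOCKING.match(action):  # key still matches, so client is trusted
                findings.append((table, key, action))
    return findings

if __name__ == "__main__":
    print(trusted_despite_action(MAIN_CF, {"/etc/postfix/access": ACCESS}))
```

The actions in an access(5) table are evaluated only when the table is referenced through a restriction such as check_client_access; mynetworks should list only the networks that are meant to be trusted.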
