On Mon, May 16, 2016 at 07:09:46PM +0000, Gomes, Rich wrote:
> So is there a way to have anything NOT in the access file rejected
> or will I need some kind of wild card statement that will REJECT
> everything else?
That question contains its answer:
main.cf :
...
smtpd_recipient_restrictions = [ ... ]
check_client_access hash:/etc/postfix/client_access, reject
...
/etc/postfix/client_access :
192.0.2.25 permit_auth_destination
192.0.2.254 permit_auth_destination
...
You don't have to blacklist anything in client_access, because you
have your wildcard reject statement which follows.
However, this means you can't get mail from anywhere not listed.
Seems like a very strange need. Are you sure this is what you want,
or are you possibly misunderstanding something?
Please tell us the high-level problem and goal in non-technical
terms, so we can possibly point you toward the right solution.
Also see:
http://www.postfix.org/DEBUG_README.html#mail
> Gomes, Rich:
> > I added this to my main.cf file:
> >
> > smtpd_client_restrictions = hash:/etc/postfix/access
1. "access" is a terrible name for an access(5) file. Give it a
useful name that indicates what KIND of access is being looked up:
client_access, helo_access, sender_access, recipient_access ...
2. This uses the (undocumented?) implicit use of check_client_access
by virtue of having been placed in smtpd_client_restrictions.
It's better to be explicit and precede the "maptype:name" with
"check_client_access".
> > And it "works" in the sense that if I give an IP a directive of
> > OK or REJECT, it works accordingly. However, if I comment out an
> > IP in the access file, it still accepts the email?
>
> As documented since december 1998, if there is no match, then no
> decision is made.
>
> Wietse
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
