Thank you.

My goal is for any IPs in the access file to be allowed and any not listed in 
access to be rejected with Relay Denied.
Just like using the access file in Sendmail...

Thanks,

Rich

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of /dev/rob0
Sent: Monday, May 16, 2016 3:30 PM
To: postfix-users@postfix.org
Subject: Re: postfix ignoring access file?

On Mon, May 16, 2016 at 07:09:46PM +0000, Gomes, Rich wrote:
> So is there a way to have anything NOT in the access file rejected or 
> will I need some kind of wild card statement that will REJECT 
> everything else?

That question contains its answer:

main.cf :
...
smtpd_recipient_restrictions = [ ... ]
    check_client_access hash:/etc/postfix/client_access, reject ...

/etc/postfix/client_access :
192.0.2.25      permit_auth_destination
192.0.2.254     permit_auth_destination
...

You don't have to blacklist anything in client_access, because you have your 
wildcard reject statement which follows.

However, this means you can't get mail from anywhere not listed.
Seems like a very strange need.  Are you sure this is what you want, or are you 
possibly misunderstanding something?

Please tell us the high-level problem and goal in non-technical terms, so we 
can possibly point you toward the right solution.

Also see:

http://www.postfix.org/DEBUG_README.html#mail

> Gomes, Rich:
> > I added this to my main.cf file:
> > 
> > smtpd_client_restrictions = hash:/etc/postfix/access

1. "access" is a terrible name for an access(5) file.  Give it a
   useful name that indicates what KIND of access is being looked up:
   client_access, helo_access, sender_access, recipient_access ...
2. This uses the (undocumented?) implicit use of check_client_access
   by virtue of having been placed in smtpd_client_restrictions.
   It's better to be explicit and precede the "maptype:name" with
   "check_client_access".

> > And it "works" in the sense that if I give an IP a directive of OK 
> > or REJECT, it works accordingly. However, if I comment out an IP in 
> > the access file, it still accepts the email?
> 
> As documented since December 1998, if there is no match, then no 
> decision is made.
> 
>       Wietse
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
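
The behaviour discussed in this thread (no match in the access table means no decision, so unlisted clients are only rejected by a trailing "reject"), as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of how one restriction list is evaluated. The table contents, IP addresses and function names are constructed for illustration.

```python
# Simplified model of evaluating one Postfix smtpd restriction list.
# Not Postfix code; names and sample data are constructed for illustration.

def lookup_client(table, ip):
    """access(5)-style IPv4 lookup: try the full address, then strip the
    last octet repeatedly (192.0.2.25 -> 192.0.2 -> 192.0 -> 192)."""
    key = ip
    while key:
        if key in table:
            return table[key]
        key = key.rpartition(".")[0]
    return None  # no match: the table makes no decision


def evaluate(restrictions, ip):
    """Walk the list left to right; the first restriction that returns a
    decision wins. 'DUNNO' means this list decided nothing, so the client
    is not rejected here."""
    for r in restrictions:
        if r == "reject":
            return "REJECT"
        if r == "permit":
            return "OK"
        if isinstance(r, dict):  # stands in for check_client_access type:table
            action = lookup_client(r, ip)
            if action in ("OK", "REJECT"):
                return action
            # no match (or DUNNO): fall through to the next restriction
    return "DUNNO"


# Constructed sample table: two hosts and one /24 written as a truncated key.
CLIENT_ACCESS = {"192.0.2.25": "OK", "192.0.2.254": "OK", "198.51.100": "OK"}

# The table alone, as in the original question.
ORIGINAL = [CLIENT_ACCESS]
# The table followed by a wildcard reject, as suggested in the reply.
FIXED = [CLIENT_ACCESS, "reject"]

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
        print(ip, "original:", evaluate(ORIGINAL, ip),
              "fixed:", evaluate(FIXED, ip))
```
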
