Thank you all!

It is working now as I had expected.

One question: does postmap need to be run against the cidr file? Or is a 
reload of the service all that is needed when making changes?

-----Original Message-----
From: Kevin Miller [mailto:kevin.mil...@juneau.org] 
Sent: Thursday, May 19, 2016 2:12 PM
To: Gomes, Rich <gomes-r...@aramark.com>
Subject: RE: postfix ignoring access file?

Yup.  The 0.0.0.0/0 and ::/0 lines are wildcard addresses (as noted in the 
example).  They match *any* IP address.  Thus, as Wietse mentions, you list 
your valid hosts or subnets first with an OK, which will allow mail from them 
to pass unhindered and then add the wildcard addresses in last to block the 
rest of the email universe...


...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Gomes, Rich
Sent: Thursday, May 19, 2016 9:54 AM
To: Postfix users
Subject: RE: postfix ignoring access file?

Ok, this looks close.

So the reject at the end is the only way to replicate the "if not in the "allow 
list", you are not authorized to "relay"?

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Wietse Venema
Sent: Thursday, May 19, 2016 1:51 PM
To: Postfix users <postfix-users@postfix.org>
Subject: Re: postfix ignoring access file?

Gomes, Rich:
> Ok, my apologies. It seems some of the answers focused on "it doesn't 
> work like that"
> 
> What I need is to have any IPs listed in the /etc/postfix/access file 
> with a directive of "OK" be allowed to send mail. Any IPs attempting to 
> send mail to this particular mail server that are not listed in that 
> file are denied access.
> 
> 
> Please let me know if you need more clarification

You would not use this:

/etc/postfix/main.cf:
    mynetworks = hash:/etc/postfix/access

Instead, you could use this:

/etc/postfix/main.cf:
    smtpd_client_restrictions =
        check_client_access cidr:/etc/postfix/client_access.cidr

/etc/postfix/client_access.cidr:
    # Order of rules is important.
    192.168.1.0/24      OK
    10.0.0.0/8          OK
    # These wildcard patterns must be last.
    0.0.0.0/0           reject
    ::/0                reject

See also: "man cidr_table".

        Wietse
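
The first-match behaviour described in the messages above, as an added Python sketch (not part of the thread and not Postfix code): it evaluates the table from Wietse's message in file order and flags rules made unreachable by an earlier, wider pattern. BAD_TABLE and all function names are constructed for illustration, and only plain "network action" lines are handled.

```python
import ipaddress

# Table copied from the message above.
GOOD_TABLE = """\
# Order of rules is important.
192.168.1.0/24      OK
10.0.0.0/8          OK
# These wildcard patterns must be last.
0.0.0.0/0           reject
::/0                reject
"""
# Constructed mis-ordered variant: the wildcard comes first.
BAD_TABLE = """\
0.0.0.0/0           reject
192.168.1.0/24      OK
"""

def parse(text):
    """Return [(network, action)] in file order, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern, strict=False), action.strip()))
    return rules

def lookup(rules, client_ip):
    """First matching pattern wins; None means no pattern matched."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return action
    return None

def shadowed(rules):
    """Patterns that can never match because an earlier pattern covers them."""
    out = []
    for i, (net, _) in enumerate(rules):
        if any(e.version == net.version and net.subnet_of(e) for e, _ in rules[:i]):
            out.append(str(net))
    return out

if __name__ == "__main__":
    for name, table in (("good", GOOD_TABLE), ("bad", BAD_TABLE)):
        rules = parse(table)
        print(name, lookup(rules, "192.168.1.5"), "shadowed:", shadowed(rules))
```

On a live system, `postmap -q 192.168.1.5 cidr:/etc/postfix/client_access.cidr` queries the real table the same way.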
