Thank you for answer. If in main.cf must be two different
check_client_access rules, so I should do:
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-
virtual_client.cf
smtpd_client_restrictions = check_client_access inline:{91.218.208.22=ok}
or maybe
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-
virtual_client.cf, check_client_access inline:{91.218.208.22=ok}
Am I right?
Hmm, if above won't help, how to configure smtpd_recipient_restrictions to
unblock this specific ip 91.218.208.22 ?
2018-06-11 16:24 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>:
> On 11.06.18 15:17, Poliman - Serwis wrote:
>
>> Listed on lists related with Postfix, from my main.cf:
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
>> zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/
>> mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/
>> mysql-virtual_policy_greylist.cf
>>
>
> - I recommend putting reject_rbl_client zen.spamhaus.org at the end of
> rules
>
> - put check_client_access in front of reject_rbl_client, one that will
> allow
> IP 91.218.208.22
>
> @Wietse
>> Currently I have in main.cf:
>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
>> mysql-virtual_client.cf
>>
>
> Should this line be modified as:
>> smtpd_client_restrictions = check_client_access inline:{91.218.208.22=ok }
>> mysql:/etc/postfix/mysql-virtual_client.cf
>> OR
>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
>> mysql-virtual_client.cf, inline:{91.218.208.22=ok }
>>
>
> it's not possible to use two parameters for check_client_access
> - there must be two different check_client_access rules.
>
> But it won't help you in smtpd_client_restrictions, since the client is
> rejected later in smtpd_recipient_restrictions
>
> Btw I am curious - is it possible to turn off ip verification only for
>> clients?
>>
>
> for what clients? for your customers?
> and which kind of IP verification?
>
> Poliman - Serwis:
>>> > I have a problem with specific IP 91.218.208.22. People from network
>>> > behind
>>> > this address can't connect to mailserver, because - as I found out -
>>> this
>>> > ip address is listed. Not exactly this specific address but whole C
>>> > class.
>>> > I saw Postfix uses blacklists in own configuration but I would like to
>>> > exclude only this one IP.
>>>
>>
> 2018-06-11 12:53 GMT+02:00 Wietse Venema <wie...@porcupine.org>:
>>
>>> There are many ways to do this. Here is one:
>>>
>>> ...
>>> reject_unauth_destination
>>> check_client_access inline:{91.218.208.22=ok, 1.2.3.4=OK}
>>> reject_rbl_client foo.bar.org
>>> ...
>>>
>>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> M$ Win's are shit, do not use it !
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
