Looking for advice.
I have an smtpd process configured with this below. It works great when
injecting the messages from localhost but fails with '5.7.1 <xxxx@xxxx>:
Recipient address rejected: Access denied' when I try it from a remote node
(this port is firewalled and only allowed for specific machines). I know the
quick win to make this work would be to add the IP addresses of the approved
nodes to the mynetwork list of IPs.
Would it be better to add IPs to an access hash list and use
check_recipient_a_access so we can use update it when we need to on the fly?
If so can I add subnets (10.20.30.0/24) or just single IPs? I’m using
https://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions as a
reference and it says not to use OK but DUNNO, which is a little confusing with
what DUNNO says it does, which is what also prompted this question. What’s the
best approach here?
Current:
10026 inet n - n - 3 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=reject_unknown_recipient_domain
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o virtual_alias_domains=
-o virtual_alias_maps=
What I’d like to do:
10026 inet n - n - 3 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=reject_unknown_recipient_domain
-o smtpd_recipient_restrictions=permit_mynetworks,
check_recipient_a_access hash:/etc/postfix/approved_ip_access,
reject
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o virtual_alias_domains=
-o virtual_alias_maps=
