On Fri, Jun 24, 2022 at 10:50:53PM +0000, Gary Smith wrote:
> Current:
>
> 10026 inet n - n - 3 smtpd
> -o content_filter=
> -o
> receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
>
> -o smtpd_helo_restrictions=
> -o smtpd_client_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_relay_restrictions=reject_unknown_recipient_domain
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> -o virtual_alias_domains=
> -o virtual_alias_maps=
As a safety measure, the Postfix smtpd(8) server requires that at least
one of "smtpd_relay_restrictions" and "smtpd_recipient_restrictions"
contain a rule that rejects by default:
* reject, defer, reject_unauth_destination, ...
Such a rule can be preceded by a rule selectively permits some clients,
SASL authenticated users, or mail to your own domains.
See: http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
> What I’d like to do:
>
> 10026 inet n - n - 3 smtpd
> ...
> -o { smtpd_relay_restrictions = permit_auth_destination,
> reject_unknown_recipient_domain }
> -o { smtpd_recipient_restrictions=permit_mynetworks,
> check_client_access cidr:/etc/postfix/trusted_10026_clients.cidr,
> reject }
> ...
Use the above edited form with "cidr" rather than "hash" table.
--
Viktor.
