|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alex (mysqlstudent
gmail.com)
Date: Thu Nov 12 2009 - 21:21:32 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
> Stop top posting. Google for the term if you don't understand.
Sorry, that was only to follow up with my own post, so people had a reference.
> It looks as if you're trying to whitelist the client by IP, so you need
> check_client_access to check an IP.
Yes, and I've tried that too. I have done quite a bit of reading, and
afraid I'm getting conflicting info now. I've read posts from Ralf in
the past, as well as the man pages and other docs at postfix.org, but
it's still not working. Can you point me to the right documentation
that outlines why it would be check_client_access to check an IP?
For the time being, I've added the IP to mynetworks, but that's
obviously less than the most desirable approach. Even with the
following it doesn't work:
smtpd_recipient_restrictions =
permit_mynetworks
[...]
check_helo_access hash:/etc/postfix/helo_checks,
check_client_access hash:/etc/postfix/client_checks
In client_checks and helo_checks I have the IP listed:
192.168.1.99 OK
and have postmap'd the file.
I've tried a separate smtpd_helo_restrictions with similar results:
smtpd_helo_restrictions =
permit_mynetworks
check_helo_access hash:/etc/postfix/helo_checks
permit
> As a general rule, access tables should be *below* reject_unauth_destination
> to prevent accidental open relay.
>
> You have a lot of reading to do. Start here:
> http://www.postfix.org/documentation.html
Yes, I know. This is part of a larger project. I'd appreciate your
direction here. Here are some of the directions I have followed that
have lead me to where I am:
# Postfix-users from 2004 smtpd_client_restrictions?
http://marc.info/?t=110137716000002&r=1&w=2
smtpd_client_restrictions =
permit_mynetworks
check_helo_access hash:/etc/postfix/helo_checks
I've since removed it, basically starting from scratch, because I'm
afraid it has created more problems than it solves.
My full smtpd_recipient_restrictions is below:
smtpd_recipient_restrictions =
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_unauth_pipelining
permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_hostname
reject_unauth_destination
check_helo_access hash:/etc/postfix/helo_checks
check_recipient_access pcre:/etc/postfix/recipient_checks
check_sender_access hash:/etc/postfix/sender_checks
check_client_access hash:/etc/postfix/client_checks
Thanks so much.
Best regards,
Alex
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]