Boyd Lynn Gerber wrote:
> Hello,
>
> I have a complete forward and reverse DNS setup for local.domain.com and I
> am trying to restrict all 192.168.x.x addresses. I am using in main.cf
>
> smtpd_restriction_classes = local_only
> local_only = check_recipient_access hash:/etc/postfix/local_only, reject
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_client_restrictions =
> smtpd_recipient_restrictions = check_sender_access
> hash:/etc/postfix/restricted_senders,
> permit_sasl_authenticated,permit_mynetworks,check_relay_domains
>
> and local_only has all 64770 entries below.
>
> 192.168.0.1 OK
> 192.168.0.2 OK
> ...
> 192.168.255.253 OK
> 192.168.255.254 OK
Looks like scrambled eggs. (^-^)
A restriction class in Postfix is meant to combine two different checks. I
still don't really know what exactly you want to restrict.
Do you mean that you want to restrict all CLIENTS in 192.168.0.0/16 to
send only to local domains?
In that case you would use something like this:
smtpd_restriction_classes = local_only
local_only =
reject_unlisted_recipient
permit_auth_destination
smtpd_recipient_restrictions =
check_client_access cidr:/etc/postfix/clients_local_only
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
....
/etc/postfix/clients_local_only:
192.168.0.0/16 local_only
The check_client_access MUST NOT return OK because that would allow the
client to relay (in the order of checks it appears before
reject_unauth_destination can restrict the destination).
--
Sandy
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
