I added this to my main.cf file:

smtpd_client_restrictions = hash:/etc/postfix/access


And it "works" in the sense that if I give an IP a directive of OK or REJECT, 
it works accordingly.
However, if I comment out an IP in the access file, it still accepts the email?

I tried commenting out the mynetworks = hash:/etc/postfix/access line in my 
main.cf file but it still accepts the mail.

What else am I missing?

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of /dev/rob0
Sent: Monday, May 16, 2016 2:01 PM
To: postfix-users@postfix.org
Subject: Re: postfix ignoring access file?

On Mon, May 16, 2016 at 05:39:12PM +0000, Gomes, Rich wrote:
> My postfix servers are configured to read the access file when 
> connections are made but I have found that machines not in the access 
> file or even those which have REJECT as an action are allowed to send 
> mail.
> 
> I have specified it in my main.cf and run postmap access followed by 
> service postfix restart after I make changes
> 
> mynetworks = hash:/etc/postfix/access
> 
> 
> Is there a piece that I am missing?

Yes, you seem to be confused about how/where access(5) maps can be used.  They 
don't work for $mynetworks lookups.

Well, strictly speaking, it DOES work, but not how you would have intended.  
Any positive result from your mynetworks lookup means the client is determined 
to be in mynetworks!

192.2.0.25              OK
192.2.0.16              REJECT Go away spammer

Oops!  So when 192.2.0.16 connects, Postfix sees it as a valid address in 
$mynetworks ... rather than rejecting, you just allowed open relaying for that 
spammer!

Perhaps the following README articles will help you:

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SMTPD_ACCESS_README.html

and see also:

http://www.postfix.org/postconf.5.html#mynetworks
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
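
The difference between the two lookups described in the reply above, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model that assumes exact-address keys only (no subnet or hostname matching). The function names are hypothetical and the table is constructed from the two addresses in the thread plus one commented-out line.

```python
# Added example: a simplified model of the two lookup contexts, not Postfix source.
# Constructed sample table in access(5) text format, using the thread's addresses.
SAMPLE_TABLE = """\
192.2.0.25    OK
192.2.0.16    REJECT Go away spammer
#192.2.0.99   REJECT commented out, so this line is not an entry
"""


def parse_table(text):
    """Parse postmap-style text: 'key value' per line; '#' and blank lines skipped."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        table[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return table


def _action(value):
    """First word of the right-hand side, upper-cased ('' if there is none)."""
    return (value.split() or [""])[0].upper()


def in_mynetworks(table, client_ip):
    """mynetworks = hash:...  Any entry for the address matches; the value is ignored."""
    return client_ip in table


def client_access(table, client_ip):
    """smtpd_client_restrictions = hash:...  The value is the action.
    No entry means no decision (DUNNO), so evaluation continues past this table."""
    value = table.get(client_ip)
    return "DUNNO" if value is None else _action(value)


def trusted_despite_action(table):
    """Audit helper: keys mynetworks would trust although their action is not OK."""
    return sorted(k for k, v in table.items() if _action(v) != "OK")


if __name__ == "__main__":
    t = parse_table(SAMPLE_TABLE)
    for ip in ("192.2.0.25", "192.2.0.16", "192.2.0.99"):
        print(ip, "mynetworks:", in_mynetworks(t, ip), "access:", client_access(t, ip))
    print("trusted despite non-OK action:", trusted_despite_action(t))
```

The commented-out address returns DUNNO from the access lookup, meaning this table makes no decision for it and whatever restrictions follow decide the outcome.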
