> On Dec 15, 2018, at 1:56 PM, Bill Cole
> <postfixlists-070...@billmail.scconsult.com> wrote:
>
> The reject_unknown_client_hostname restriction directive resides in one of
> the "smtpd_*_restrictions" restriction lists, most likely
> smtpd_client_restrictions or smtpd_recipient_restrictions. It can be
> overridden by a PERMIT result from any restriction directive preceding it *in
> the same restriction list* which permits the mail.

There's a simpler model, namely to nest the restriction in a CIDR table:

    main.cf:
        cidr = cidr:${config_directory}/
        smtpd_recipient_restrictions =
            check_client_access ${cidr}client-access.cidr

    client-access.cidr:
        192.0.2.1       reject_unknown_reverse_client_hostname
        192.0.2.0/24    DUNNO avoid false positive risk
        0.0.0.0/0       reject_unknown_client_hostname

The CIDR table (order of entries matters, put the most specific rules
first) avoids the need to white-list any addresses; "DUNNO" rules
short-circuit the lookup without a definite outcome, effectively
white-listing the address only from less specific rules in the same table.

-- 
    Viktor.
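
Added example, not part of the message above and not Postfix code: a small Python model of the first-match lookup the message describes, run over a constructed copy of the client-access.cidr table. It also reorders the table with the 0.0.0.0/0 entry first to show how that shadows the more specific entries; all function names are hypothetical.

```python
import ipaddress

# Constructed copy of the client-access.cidr table from the message above.
TABLE = """\
192.0.2.1       reject_unknown_reverse_client_hostname
192.0.2.0/24    DUNNO avoid false positive risk
0.0.0.0/0       reject_unknown_client_hostname
"""

def parse_cidr_table(text):
    """Return [(network, result)] in file order, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        # A bare address such as 192.0.2.1 becomes a single-host network.
        rules.append((ipaddress.ip_network(pattern), result.strip()))
    return rules

def lookup(rules, client_ip):
    """Model of the lookup: the first matching entry wins, later ones are never read."""
    addr = ipaddress.ip_address(client_ip)
    for network, result in rules:
        if addr.version == network.version and addr in network:
            return result
    return None  # no entry matched

def action(rules, client_ip):
    """First word of the matched result: a restriction name or DUNNO."""
    result = lookup(rules, client_ip)
    return result.split()[0] if result else None

def broadest_first(rules):
    """Deliberately wrong ordering, to show why the most specific entries go first."""
    return sorted(rules, key=lambda rule: rule[0].prefixlen)

RULES = parse_cidr_table(TABLE)

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.77", "198.51.100.5"):
        print(f"{ip:14} as posted: {action(RULES, ip):40} "
              f"broadest first: {action(broadest_first(RULES), ip)}")
```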