On Thu, Dec 24, 2020 at 01:13:05AM +0000, Matthew Selsky wrote:
> > No, you can leave mynetworks unchanged if there is more to mynetworks
> > than mere relay access.
>
> Is there any reason not to merge ${cidr}cloud-email-providers.cidr into
> mynetworks? I only reference mynetworks in the following places currently:
>
> smtpd_helo_restrictions =
> permit_mynetworks
> reject_invalid_helo_hostname
> reject_non_fqdn_helo_hostname
> smtpd_relay_restrictions =
> permit_mynetworks
> check_client_access ${cidr}cloud-email-providers.cidr
> permit_tls_clientcerts reject
>
> If I add ${cidr}cloud-email-providers.cidr to mynetworks, then they'd
> pick up the relaxed restrictions for smtpd_helo_restrictions, so this
> seems reasonable and allows me to maintain 1 fewer table. Is there
> anything that I'm missing?
The parameters that reference $mynetworks in a non-trivial way by
default are:
postscreen_access_list
smtpd_client_event_limit_exceptions
smtpd_relay_restrictions
If you're OK with including the guilty parties in all three cases, then
sure, you can simply list them in mynetworks.
--
Viktor.
