Jacky Chan wrote:

Magnus Bäck wrote:
On Tuesday, January 20, 2009 at 03:33 CET,
     Jacky Chan <jac...@wkg1.umac.mo> wrote:

Yep, I finally got your idea. And I don't expect that is so easy to
configure.
Indeed, for the mynetworks parameter, I do have a list of IPs to be
restricted, so I want it to be located in an external file and not in
main.cf.
As advised by Magnus, how do I create the external iplist.cidr?

# main.cf
mynetworks = cidr:/etc/postfix/iplist.cidr

# /etc/postfix/iplist.cidr

!192.168.1.1
!192.168.1.2
192.168.1.3
!192.168.0.0/16

In iplist.cidr, how about I don't supply the result, such as OK or
REJECT? Is that OK?

No, see cidr_table(5). You'll also note that the manual page doesn't say
anything about using ! for negation, and that's because it's a special
feature of mynetworks. Just drop the cidr: on the mynetworks line.

[...]

--
Magnus Bäck
mag...@dsek.lth.se



In summary, the configuration involved:

# main.cf

mynetworks = /etc/postfix/iplist.cidr
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# /etc/postfix/iplist.cidr
192.168.1.0    OK
!192.168.2.10
192.168.2.20  REJECT
192.168.0.0    REJECT

But I found the two REJECT statements don't work; I can still send mail from
192.168.2.20 whether the destination is in mydestination or not. I don't know
whether I understand REJECT correctly or not in cidr under mynetworks (which
I can REJECT in man cidr_table); what is the result supposed to be in
this case? Or I can do it at the firewall level too.

Best,
Jacky



Why do you make this so hard? Why do you not just use one of the many examples sent to you?

Please review the documentation for mynetworks. It is not an access table; access table syntax does not work.

List exceptions first, then list IPs and cidr networks that are allowed internet access. Don't put anything on the right for a result. Or just don't list IPs if they're not allowed to relay. Remember to include localhost.

mynetworks = /path/to/networks

# networks
!192.168.2.10
!192.168.2.20
127.0.0.1
192.168.1.0/24

Good luck.

--
Noel Jones
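
An added example (not part of the thread and not Postfix code): a Python sketch of the matching Noel describes, where patterns are tried in order, the first match decides, `!` excludes, and there is no result column. It assumes a bare address matches only that one host and that non-address tokens such as OK or REJECT never match; the function names and the sample client addresses are made up for the sketch.

```python
import ipaddress

# Constructed from the two files quoted in the thread.
JACKY_FILE = """\
192.168.1.0    OK
!192.168.2.10
192.168.2.20  REJECT
192.168.0.0    REJECT
"""
NOEL_FILE = """\
!192.168.2.10
!192.168.2.20
127.0.0.1
192.168.1.0/24
"""

def patterns(text):
    """Split file text into patterns; whole-line '#' comments are skipped."""
    out = []
    for line in text.splitlines():
        if not line.lstrip().startswith("#"):
            out.extend(line.replace(",", " ").split())
    return out

def in_mynetworks(client, text):
    """Return (trusted, deciding_pattern); the first matching pattern wins."""
    addr = ipaddress.ip_address(client)
    for pat in patterns(text):
        negate = pat.startswith("!")
        try:
            # A bare address parses as a single host (/32), not a network.
            net = ipaddress.ip_network(pat[1:] if negate else pat, strict=False)
        except ValueError:
            continue  # assumption: tokens like OK / REJECT never match
        if addr in net:
            return (not negate, pat)
    return (False, None)  # not listed: not trusted

if __name__ == "__main__":
    for name, text in (("Jacky", JACKY_FILE), ("Noel", NOEL_FILE)):
        for ip in ("192.168.2.10", "192.168.2.20", "192.168.1.5", "127.0.0.1"):
            print(name, ip, in_mynetworks(ip, text))
```

In this sketch the line `192.168.2.20  REJECT` puts 192.168.2.20 on the trusted list, and the bare `192.168.1.0` covers one address rather than the /24.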
