Len Conrad:
> smtpd_recipient_restrictions =
>   check_client_access hash:/etc/postfix/mta_clients_black.map,
>   check_client_access hash:/etc/postfix/webmail_client.class,
>   check_helo_access pcre:/etc/postfix/4tuple_main_unfiltered.pcre,
>   reject_unauth_pipelining,
>   reject_unknown_sender_domain,
>   reject_unknown_recipient_domain,
>   permit_mynetworks,
>   ...
>   permit_sasl_authenticated,
>   reject
>
> the IPs with "Access denied" probably from the final "reject"
> after "permit_sasl_authenticated" are:
>
> NOT matching before mynetworks and
>
> are all in the mynetworks as members of 3 /20s,
>
> so they should have not been denied access.
>
> debug shows only match_hostname for "smtpd_client_event_limit_exceptions",
> but not for peer debugging.

The permit_mynetworks function logs its name, the client name, and the client IP address when the debugging level is non-zero. If you don't see permit_mynetworks logging, then the REJECT happens earlier.

Wietse
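
Added example, not part of the thread and not Postfix code: a simplified Python model of how a restriction list like the one quoted is evaluated in order, showing that a decisive result from an earlier restriction means permit_mynetworks is never reached. The network, map contents, HELO pattern and domains are constructed, and the model leaves out reject_unauth_pipelining, the second check_client_access and the elided entries.

```python
import ipaddress
import re

# Constructed sample data; none of these values come from the thread.
MYNETWORKS = [ipaddress.ip_network("10.20.0.0/20")]
CLIENT_BLACKLIST = {"203.0.113.7": "REJECT"}                 # stand-in for a hash: client map
HELO_RULES = [(re.compile(r"^localhost$", re.I), "REJECT")]  # stand-in for a pcre: HELO map
RESOLVABLE = {"example.com", "example.org"}                  # stand-in for DNS lookups

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check_client_access(s):
    return CLIENT_BLACKLIST.get(s["ip"], "DUNNO")

def check_helo_access(s):
    return next((act for rx, act in HELO_RULES if rx.search(s["helo"])), "DUNNO")

def reject_unknown_sender_domain(s):
    return "DUNNO" if domain(s["sender"]) in RESOLVABLE else "REJECT"

def reject_unknown_recipient_domain(s):
    return "DUNNO" if domain(s["rcpt"]) in RESOLVABLE else "REJECT"

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["ip"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def permit_sasl_authenticated(s):
    return "OK" if s.get("sasl_user") else "DUNNO"

def reject(s):
    return "REJECT"

RESTRICTIONS = [check_client_access, check_helo_access,
                reject_unknown_sender_domain, reject_unknown_recipient_domain,
                permit_mynetworks, permit_sasl_authenticated, reject]

def evaluate(session):
    """Return (verdict, deciding restriction, names evaluated in order)."""
    trace = []
    for restriction in RESTRICTIONS:
        trace.append(restriction.__name__)
        verdict = restriction(session)
        if verdict != "DUNNO":   # first decisive result ends the list
            return verdict, restriction.__name__, trace
    return "DUNNO", None, trace
```

A client inside the /20 whose HELO matches the constructed pattern is rejected with permit_mynetworks absent from the trace, which is the situation the reply describes.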