Len Conrad:
> smtpd_recipient_restrictions =
>  check_client_access hash:/etc/postfix/mta_clients_black.map,
>  check_client_access hash:/etc/postfix/webmail_client.class,
>  check_helo_access pcre:/etc/postfix/4tuple_main_unfiltered.pcre,
>  reject_unauth_pipelining,
>  reject_unknown_sender_domain,
>  reject_unknown_recipient_domain,
>  permit_mynetworks,   
>  ...
>  permit_sasl_authenticated,
>  reject
> 
> the IPs with "Access denied" probably from the final "reject"
> after "permit_sasl_authenticated" are:
>
> NOT matching before mynetworks and
>
> are all in the mynetworks as members of 3 /20s,
>
> so they should not have been denied access.
>
> debug shows only match_hostname for "smtpd_client_event_limit_exceptions",
> but not for peer debugging.

The permit_mynetworks function logs its name, the client name, and
the client IP address when the debugging level is non-zero.

If you don't see permit_mynetworks logging, then the REJECT happens earlier.

        Wietse
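
The ordering point in the reply above, as an added example that is not part of the original thread and not Postfix code: a simplified model of first-match evaluation over a shortened version of the quoted restriction list. The addresses, map contents and resolvable-domain set are constructed sample data, and the access lookup is reduced to an exact IP match.

```python
import ipaddress

# Constructed sample data (not from the thread): documentation address ranges.
MYNETWORKS = [ipaddress.ip_network(n) for n in
              ("198.51.100.0/24", "203.0.113.0/24")]
CLIENT_BLACKLIST = {"203.0.113.7": "REJECT"}         # stands in for a check_client_access map
RESOLVABLE_DOMAINS = {"example.com", "example.org"}  # stands in for DNS lookups

def check_client_access(s):
    # Simplification: exact IP match only.
    return CLIENT_BLACKLIST.get(s["client"], "DUNNO")

def reject_unknown_sender_domain(s):
    domain = s["sender"].rpartition("@")[2]
    if not domain:                                   # null sender: nothing to look up
        return "DUNNO"
    return "DUNNO" if domain in RESOLVABLE_DOMAINS else "REJECT"

def permit_mynetworks(s):
    addr = ipaddress.ip_address(s["client"])
    return "PERMIT" if any(addr in net for net in MYNETWORKS) else "DUNNO"

def permit_sasl_authenticated(s):
    return "PERMIT" if s.get("sasl_user") else "DUNNO"

def reject(s):
    return "REJECT"

# Same relative order as the quoted configuration, reduced to five entries.
RESTRICTIONS = [check_client_access, reject_unknown_sender_domain,
                permit_mynetworks, permit_sasl_authenticated, reject]

def evaluate(session):
    """Walk the list in order; the first result other than DUNNO decides.
    Returns (action, deciding restriction name, names evaluated so far)."""
    trace = []
    for restriction in RESTRICTIONS:
        trace.append(restriction.__name__)
        action = restriction(session)
        if action != "DUNNO":
            return action, restriction.__name__, trace
    return "DUNNO", None, trace

if __name__ == "__main__":
    # Client is inside mynetworks, but an earlier restriction rejects first,
    # so permit_mynetworks never appears in the trace.
    print(evaluate({"client": "198.51.100.10", "sender": "u@nonexistent.invalid"}))
```

When `permit_mynetworks` is missing from the trace, the decision was made by an entry listed before it, which is the situation the reply describes.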
