On 2013-10-25 4:17 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
You've been on this list long enough to know that verbatim restriction definitions don't belong in master.cf:master.cf: submission inet n ... smtpd -o smtpd_client_restrictions=$submission_client_restrictions main.cf: submission_client_restrictions = check_client_access ${cidr}/submission_clients.cidr, permit_sasl_authenticated, permit_mynetworks reject
You're right of course... thanks for being so gentle with clue stick..
or in the relay_restrictions, ie: [ smtpd_relay_restrictions = ] check_client_access ${cidr}/blocked_clients.cidr, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destinationThis would block all mail from the clients in question, not just submission. Also you don't even want Linked machines that hijack submission on port 25 sending mail that is not relay mail (inbound to your organization). So you really need to not use port 25 for submission.
I don't (use port 25 for submission)... and am not sure what I was thinking there. Guess maybe I should lay off the afternoon coffee... ;)
Anyway, thanks as always for the most excellent support on this list. -- Best regards, */Charles/*
