On Wed, Jun 3, 2015 at 10:48 AM, Wietse Venema <wie...@porcupine.org> wrote:
> francis picabia:
>> >>> Let's say I want everything to go through the content filter unless
>> >>> it comes from 1.2.3.4/24 or 5.6.7.8/24 How is that configured?
>
> A cidr: based access map would be the most convenient here.
>
> /etc/postfix/main.cf:
>     smtpd_client_restrictions =
>         check_client_access cidr:/etc/postfix/client_access.cidr
>
> /etc/postfix/client_access.cidr:
>     1.2.3.4/24 DUNNO
>     5.6.7.8/24 DUNNO
>     0.0.0.0/0 FILTER foo:bar
>
> Remember that cidr maps are searched in the given order, unlike
> hash maps and other indexed files.

OK, that's a good tip to know. Thanks for this.

I was just going to post that I found "Example 3" in the amavis
documentation. It discusses a scenario similar to this. The above seems
more concise.

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks

The last part I need to get right is the list for
smtpd_client_restrictions. If I send the message off to amavis, it
doesn't get the rest of the tests.

Just to run through a simple part of the set so I can understand this,
suppose I only have:

    smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/access,
        reject_invalid_hostname,
        reject_unknown_reverse_client_hostname

I currently use the access file to OK certain IPs which have a reverse
DNS failure.

How do I add the client_access.cidr to the list of checks? I'd think it
would need to be at the end, and in /etc/postfix/access OK/PERMIT can't
be used. If I make /etc/postfix/access use DUNNO rather than OK, then
they still get caught by the following
reject_unknown_reverse_client_hostname.

I can't see how to use reject items with white-listing appearing earlier
in the sequence and also the content filter. Do I need to put these
other checks in another smtpd_* restrictions list?
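
A small checker for the point about cidr map ordering, added here as an example (it is not code from this thread or from Postfix): it evaluates a table first-match in file order, and flags prefixes written with host bits set and rules that an earlier, broader rule makes unreachable. It assumes plain "pattern action" lines only, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the client_access.cidr table quoted in the message.
SAMPLE = """\
1.2.3.4/24  DUNNO
5.6.7.8/24  DUNNO
0.0.0.0/0   FILTER foo:bar
"""

def parse(text):
    """Return [(lineno, pattern, network, action)] in file order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'pattern action'")
        net = ipaddress.ip_network(fields[0], strict=False)
        rules.append((lineno, fields[0], net, fields[1]))
    return rules

def lookup(rules, client):
    """First matching rule wins, as in an ordered cidr: map; None = no match."""
    addr = ipaddress.ip_address(client)
    for _, _, net, action in rules:
        if addr in net:
            return action
    return None

def lint(rules):
    """Return [(lineno, kind, detail)] for entries that deserve a second look."""
    findings = []
    for i, (lineno, pattern, net, _) in enumerate(rules):
        # Prefix written with host bits set, e.g. 1.2.3.4/24 for 1.2.3.0/24.
        if ipaddress.ip_interface(pattern).ip != net.network_address:
            findings.append((lineno, "host-bits", f"{pattern} covers {net}"))
        # A rule fully inside an earlier rule's network can never be reached.
        for prev_line, _, prev_net, _ in rules[:i]:
            if prev_net.version == net.version and net.subnet_of(prev_net):
                findings.append((lineno, "shadowed", f"by line {prev_line}"))
                break
    return findings

if __name__ == "__main__":
    table = parse(SAMPLE)
    for ip in ("1.2.3.77", "5.6.7.1", "192.0.2.10"):
        print(ip, "->", lookup(table, ip))
    for finding in lint(table):
        print("lint:", finding)
```

Moving the 0.0.0.0/0 line to the top of the sample makes lint() report both DUNNO lines as shadowed, which is the ordering mistake the quoted reply warns about.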