On 19 May 2016, at 11:35, Gomes, Rich wrote:
Postfix is the corporate standard so this has been a bit of a learning curve for me. I'd like to keep it pretty simple, so there must be a way to have the access file behave in the same way it does in Sendmail.
Non-sequitur. Your desire for simplicity has no effect on whether Postfix can be made to behave as Sendmail does with its AccessDB feature enabled. For example, Sendmail matches client IPs & hostnames, sender and recipient acddresses and substrings thereof all with one file, using "tags" to limit entries to a particular SMTP parameter. There is absolutely no way to make Postfix do THAT.
HOWEVER: with the current version of Postfix and mostly default configurations, your use of one hashed access file for mynetworks containing only IPs with OK as their LHS values should in fact work well enough. That is why I said:
And for important tips on how to get help HERE efficiently, the last ~50 lines of the DEBUG_README file are critical. We don't know what version of Postfix you're running, whether you built from source or are using some OS packager's quirky variant, or what, if any, other non-default settings you have which don't do what you expect and might influence the issues you're having.
There are relevant facts that you're actively resisting telling us.
Specifically, I would like to only allow those entries in the access file (with a directive of OK) allowed to send mail, if it is not in the file, it should get a Relaying denied message and be dropped.
As documented, the LHS of a map file used for mynetworks doesn't matter, although it is necessary. However, as long as all you have in that file is OK entries, you get roughly the same effect. By default, "smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination" so if you're not offering authentication, you'll only relay for IPs in that mynetworks map and everyone else will get a 4xx reply, so they might try again but it will never work for them. "smtpd_relay_restrictions = permit_mynetworks, reject" might be a more exact fit.
But of course, smtpd_relay_restrictions doesn't exist in every version of Postfix, and you've not said what version you're using or told us anything about your config other than a single setting at a time that it isn't working. This makes assisting you very challenging.
Does anyone have any suggesstions?
See the message of mine that you replied to. Pay particular attention to the paragraph I quote above.
