Scott Techlist:
> I'd like to block certain IP's from attempting to authenticate on my
> submission port.
>
> This is what I have now:
>
> #master.cf
> #port 587
> submission inet n - n - - smtpd
> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> -o smtpd_sasl_auth_enable=yes
>
> Is it possible to configure to use an access list before the
> permit_sasl_authenticated?
>
> Where the access file contains:
> #
> Somedomain.com 550 reject
> 45.227.253.216 550 reject
>
>
> Is this right? Want to be sure I'm configuring it correctly and not opening
> some hole:
>
> #master.cf
> #port 587
> submission inet n - n - - smtpd
> -o smtpd_recipient_restrictions= check_client_access
> hash:/etc/postfix/access, permit_sasl_authenticated,reject
> -o smtpd_sasl_auth_enable=yes
Your -o name=value contains spaces, therefore use {} like this:
submission inet n - n - - smtpd
-o { smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/access,
permit_sasl_authenticated, reject }
(this requires Postfix version 3.0 or later).
You are right to place check_client_access before permit_sasl_authenticated.
Wietse
