Hi Viktor,

On Mon, Dec 21, 2020 at 11:20:30PM -0500, Viktor Dukhovni wrote:
> On Tue, Dec 22, 2020 at 03:23:56AM +0000, Matthew Selsky wrote:
>
> > cidr = cidr:${config_directory}/
> > smtpd_recipient_restrictions =
> >     reject_non_fqdn_recipient
> >     reject_unknown_recipient_domain
> >     check_client_access ${cidr}tag-cloud-email-providers.cidr
>
> Yes, this will tag any message that is ultimately accepted.
>
> > smtpd_relay_restrictions =
> >     permit_mynetworks
> >     check_client_access ${cidr}cloud-email-providers.cidr
> >     permit_tls_clientcerts
>
> Yes, this will permit relay access for the matching IPs.

Thanks, this worked perfectly!

> No, you can leave mynetworks unchanged if there is more to mynetworks
> than mere relay access.

Is there any reason not to merge ${cidr}cloud-email-providers.cidr into mynetworks?

I only reference mynetworks in the following places currently:

smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname

smtpd_relay_restrictions =
    permit_mynetworks
    check_client_access ${cidr}cloud-email-providers.cidr
    permit_tls_clientcerts
    reject

If I add ${cidr}cloud-email-providers.cidr to mynetworks, then they'd pick up the relaxed restrictions for smtpd_helo_restrictions, so this seems reasonable and allows me to maintain 1 fewer table.

Is there anything that I'm missing?

Thanks,
-Matt
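
An added example, not part of the original message: one way to check where mynetworks is actually referenced before widening it. The Python below scans `postconf`-style `name = value` lines for parameters that use permit_mynetworks or expand $mynetworks, directly or through another parameter. The sample input is constructed (the restriction lists are the ones quoted above; the mynetworks value and the two *_limit_exceptions lines are stand-ins), and the function names are this example's own.

```python
import re

# Constructed sample in the one-line "name = value" form that `postconf` prints.
# The restriction lists are the ones quoted in the message; the mynetworks value
# and the two *_limit_exceptions lines are constructed stand-ins.
SAMPLE = """\
mynetworks = 127.0.0.0/8 [::1]/128
cidr = cidr:${config_directory}/
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_relay_restrictions = permit_mynetworks check_client_access ${cidr}cloud-email-providers.cidr permit_tls_clientcerts reject
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain check_client_access ${cidr}tag-cloud-email-providers.cidr
smtpd_client_connection_limit_exceptions = $mynetworks
smtpd_client_event_limit_exceptions = $smtpd_client_connection_limit_exceptions
"""

# Matches $name, ${name...} and $(name...) parameter references.
REF = re.compile(r"\$[{(]?([A-Za-z0-9_]+)")

def parse(text):
    """Return {parameter: value} from 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params

def mynetworks_dependents(text):
    """Map each parameter whose behaviour follows mynetworks to the reason."""
    params = parse(text)
    found = {}
    for name, value in params.items():
        if "permit_mynetworks" in re.split(r"[\s,]+", value):
            found[name] = "permit_mynetworks"
        elif "mynetworks" in REF.findall(value):
            found[name] = "$mynetworks"
    changed = True
    while changed:  # follow indirect references until nothing new turns up
        changed = False
        for name, value in params.items():
            via = [r for r in REF.findall(value) if r in found]
            if name not in found and via:
                found[name] = "via " + via[0]
                changed = True
    return found

if __name__ == "__main__":
    for name, why in sorted(mynetworks_dependents(SAMPLE).items()):
        print(f"{name}: {why}")
```

Run against the full `postconf` output of the server rather than only main.cf, so that parameters left at a default that expands $mynetworks are listed too.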