Thank you for answer. I have in main.cf:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/
mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/
mysql-virtual_policy_greylist.cf
so, if I understood well, I have to modify above like below:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok},
reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
am I right?
Currently I am not advanced Postfix user, so I am afraid I wouldn't
configure properly the cidr tables.
2018-06-12 8:54 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>:
> On 12.06.18 07:32, Poliman - Serwis wrote:
>
>> Thank you for answer. If in main.cf must be two different
>> check_client_access rules, so I should do:
>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-
>> virtual_client.cf
>> smtpd_client_restrictions = check_client_access inline:{91.218.208.22=ok}
>> or maybe
>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-
>> virtual_client.cf, check_client_access inline:{91.218.208.22=ok}
>>
>> Am I right?
>>
>
> Neither one. as I said before:
>
> "But it won't help you in smtpd_client_restrictions, since the client is
> rejected later in smtpd_recipient_restrictions"
>
> That means, you don't have to play with smtpd_client_restrictions.
>
> Hmm, if above won't help, how to configure smtpd_recipient_restrictions to
>> unblock this specific ip 91.218.208.22 ?
>>
>
> If you want to configure smtpd_recipient_restrictions (un)block an IP, you
> must put proper "check_client_access" to smtpd_recipient_restrictions,
> in front of the rule that blocks that IP.
>
> I'll keep the rest below undeleted because it still applies.
>
> I just add that I prefer using hash or cidr tables for these cases instead
> of inline access lists - it's easier to ad whitelisted IPs to those tables.
>
>
> 2018-06-11 16:24 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>:
>>
>> On 11.06.18 15:17, Poliman - Serwis wrote:
>>>
>>> Listed on lists related with Postfix, from my main.cf:
>>>> smtpd_recipient_restrictions = permit_mynetworks,
>>>> permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
>>>> zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/
>>>> mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/
>>>> mysql-virtual_policy_greylist.cf
>>>>
>>>>
>>> - I recommend putting reject_rbl_client zen.spamhaus.org at the end of
>>> rules
>>>
>>> - put check_client_access in front of reject_rbl_client, one that will
>>> allow
>>> IP 91.218.208.22
>>>
>>> @Wietse
>>>> Currently I have in main.cf:
>>>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
>>>> mysql-virtual_client.cf
>>>>
>>>>
>>> Should this line be modified as:
>>>> smtpd_client_restrictions = check_client_access
>>>> inline:{91.218.208.22=ok }
>>>> mysql:/etc/postfix/mysql-virtual_client.cf
>>>> OR
>>>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
>>>> mysql-virtual_client.cf, inline:{91.218.208.22=ok }
>>>>
>>>>
>>> it's not possible to use two parameters for check_client_access
>>> - there must be two different check_client_access rules.
>>>
>>> But it won't help you in smtpd_client_restrictions, since the client is
>>> rejected later in smtpd_recipient_restrictions
>>>
>>> Btw I am curious - is it possible to turn off ip verification only for
>>>> clients?
>>>>
>>>>
>>> for what clients? for your customers?
>>> and which kind of IP verification?
>>>
>>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
