Thank you for answer. I have in main.cf: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/ mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/ mysql-virtual_policy_greylist.cf
so, if I understood well, I have to modify above like below: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok}, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf am I right? Currently I am not advanced Postfix user, so I am afraid I wouldn't configure properly the cidr tables. 2018-06-12 8:54 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>: > On 12.06.18 07:32, Poliman - Serwis wrote: > >> Thank you for answer. If in main.cf must be two different >> check_client_access rules, so I should do: >> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql- >> virtual_client.cf >> smtpd_client_restrictions = check_client_access inline:{91.218.208.22=ok} >> or maybe >> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql- >> virtual_client.cf, check_client_access inline:{91.218.208.22=ok} >> >> Am I right? >> > > Neither one. as I said before: > > "But it won't help you in smtpd_client_restrictions, since the client is > rejected later in smtpd_recipient_restrictions" > > That means, you don't have to play with smtpd_client_restrictions. > > Hmm, if above won't help, how to configure smtpd_recipient_restrictions to >> unblock this specific ip 91.218.208.22 ? >> > > If you want to configure smtpd_recipient_restrictions (un)block an IP, you > must put proper "check_client_access" to smtpd_recipient_restrictions, > in front of the rule that blocks that IP. > > I'll keep the rest below undeleted because it still applies. > > I just add that I prefer using hash or cidr tables for these cases instead > of inline access lists - it's easier to ad whitelisted IPs to those tables. > > > 2018-06-11 16:24 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>: >> >> On 11.06.18 15:17, Poliman - Serwis wrote: >>> >>> Listed on lists related with Postfix, from my main.cf: >>>> smtpd_recipient_restrictions = permit_mynetworks, >>>> permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client >>>> zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/ >>>> mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/ >>>> mysql-virtual_policy_greylist.cf >>>> >>>> >>> - I recommend putting reject_rbl_client zen.spamhaus.org at the end of >>> rules >>> >>> - put check_client_access in front of reject_rbl_client, one that will >>> allow >>> IP 91.218.208.22 >>> >>> @Wietse >>>> Currently I have in main.cf: >>>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/ >>>> mysql-virtual_client.cf >>>> >>>> >>> Should this line be modified as: >>>> smtpd_client_restrictions = check_client_access >>>> inline:{91.218.208.22=ok } >>>> mysql:/etc/postfix/mysql-virtual_client.cf >>>> OR >>>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/ >>>> mysql-virtual_client.cf, inline:{91.218.208.22=ok } >>>> >>>> >>> it's not possible to use two parameters for check_client_access >>> - there must be two different check_client_access rules. >>> >>> But it won't help you in smtpd_client_restrictions, since the client is >>> rejected later in smtpd_recipient_restrictions >>> >>> Btw I am curious - is it possible to turn off ip verification only for >>>> clients? >>>> >>>> >>> for what clients? for your customers? >>> and which kind of IP verification? >>> >> > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95 > -- *Pozdrawiam / Best Regards* *Piotr Bracha*