Postfix block all but one IP as sender

by Zulakis   Last Updated January 13, 2018 21:00 PM

I'm trying to setup an additional Postfix smtpd service on a non-standard smtp port, which allows smtp auth without TLS to support an old printer which cannot use TLS (to send scans and reports via email). However, this printer should still provide a valid username and password.

This is the service definition in master.cf:

50025     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_auth_only=no
  -o { smtpd_client_restrictions=check_client_access hash:/etc/postfix/printer_whitelist,permit_sasl_authenticated,reject }

And /etc/postfix/printer_whitelist:

8.8.8.8 OK
0.0.0.0/0 REJECT

In theory this should

  • reject all clients that don't have the IP 8.8.8.8
  • allow 8.8.8.8, but only if it authenticates successfully

In practice, the printer_whitelist table does not seem to work properly. I have tried 0.0.0.0/32 REJECT, 0.0.0.0 REJECT, * REJECT in addition to the reject defined above.

How can I match all clients to be rejected after the OK rule?



Related Questions



Postfix Deferred Queue Keeps Growing

Updated December 08, 2015 08:00 AM