Normally, specifying check_client_access in main.cf is very straightforward:
smtpd_recipient_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/client_access,
permit_sasl_authenticated,
reject
However, I want that to be carried through via an SMTPS session. Master.cf overrides the smtpd_recipient_restrictions parameter with a -o argument:
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
If I try to add check_client_access into to that line like this:
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=check_client_access hash:/etc/postfix/client_access,permit_mynetworks,permit_sasl_authenticated,reject
Postfix complains when an SMTPS connection comes in and it tries to run that command:
Dec 16 15:37:55 mail postfix/smtpd[9489]: fatal: unexpected command-line argument: hash:/etc/postfix/client_access,permit_mynetworks,permit_sasl_authenticated,reject
I've tried variations of adding quotes, etc, but can't find a way to get that to work. Any suggestions?