We have client domains on Office 365 and Google. The only way I have found to allow relay messages from Google/Office 365 is by adding all of their MX IPs to our "mynetworks" in main.cf. Is there a better way to allow relays from those IPs without using "mynetworks"? I prefer to keep as much configuration in the ISP databases as possible, instead of editing configuration files directly. There are so many IPs in their SPF/MX list that it is difficult to manage in the configuration file directly. Possibly with global postfix Email Whitelist (smtpd_client_restrictions)?
I don't understand what the issue is offhand, domainA.com mail is handled by say O365, and they send to domainB.com on your server and are rejected? I'm sure I don't have a complete picture of what's going on, including any relaying. But if that is happening, what is the reason for rejection? (check mail logs)
I am not so sure I understand you either but the following did share a way of managing several domains relay to mailgun which may be useful to your case: https://www.howtoforge.com/communit...elays-for-different-domains-in-postfix.82711/
It looks like the Global Whitelist/Blacklist is included in the smtp/d client/recipient checks. I assume I can use the Global Whitelist "client" list to whitelist an IP that I want to accept all mail from. Does the "Global Whitelist" allow entries with CIDR notation for clients?
I presume you mean 'Postfix Whitelist'? The Postfix Whitelist is implemented as a database query, it does not support CIDR ranges.
