david rankin wrote:
List, Sandy:
I'm trying to do this (from man 5 access):
EXAMPLE The following example uses an indexed file, so that the order of table entries does not matter. The example permits access by the client at address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of "hash" lookup tables, some systems use "dbm". Use the command "post- conf -m" to find out what lookup tables Postfix supports on your sys- tem.
/etc/postfix/main.cf: smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
/etc/postfix/access: 1.2.3 REJECT 1.2.3.4 OK
So I did this:
main.cf: smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_check
[root@bonza postfix]# cat client_check 218 REJECT 221 REJECT
postmap client_check postfix reload
But for some reason, it does not work as expected. It does this:
[root@bonza postfix]# postmap -q 221 hash:client_check REJECT [root@bonza postfix]# postmap -q 221.1.1.1 hash:client_check [root@bonza postfix]# postmap -q 221.2.1.1 hash:client_check
net Matches the specified IPv4 host address or subnetwork. An IPv4 host address is a sequence of four decimal octets sepaâ rated by ".". Subnetworks are matched by repeatedly truncating the last ".octet" from the remote IPv4 host address string until a match is found in the access table, or until further truncaâ tion is not possible. NOTE 1: The information in the access map should be in canonical form, with unnecessary null characters eliminated. Address information must not be enclosed with "[]" characâ ters. This is the important part here: NOTE 2: use the cidr lookup table type to specify netâ work/netmask patterns. See cidr_table(5) for details. If you use a cidr table you get: # cat client_check 218.0.0.0/8 REJECT 221.0.0.0/8 REJECT # postmap -q 221.1.1.1 cidr:client_check REJECT You could also use a pcre or regexp table. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com