Subject: Re: CIDR notation in access table ?
From: Michael J. Maravillo (mike.maravilloramcargroup.com)
Date: Mon Feb 21 2000 - 05:46:17 CST


The reason I asked is that we'd like to restrict all e-mail coming
from our network to have a FROM address in "fromthisdomainonly.com".
I've checked the FAQ and couldn't find an appropriate answer.

I'm thinking along the lines of using smtpd_sender_restrictions to get
a match for the client network address. Then, use a restriction class
to check if the sender has fromthisdomainonly.com.

/etc/postfix/main.cf:
smtpd_restriction_classes =
        from_should_be_local
from_should_be_local =
        check_sender_access regexp:/etc/postfix/local_domains
        reject
smtpd_sender_restrictions =
        hash:/etc/postfix/sender_restrictions

/etc/postfix/sender_restrictions:
192.16.0.0/25 from_should_be_local

/etc/postfix/local_domains:
/fromthisdomainonly\.com$/ OK

Is this the right way to formulate the restriction, or can I use
the value of $mynetworks in any way?

        TIA,
        Mike

On Sun, Feb 20, 2000 at 12:18:03PM -0500, Wietse Venema wrote:
>
> > I'm trying to work on my UCE controls. "man 5 access" only mentions
> > the following for host address matching. Is it possible to do CIDR
> > notation here or it isn't just documented?
>
> Postfix access tables are usually implemented by indexed files, so
> that a table can be searched without having to look at every entry.
>
> Doing CIDR with indexed files in a straightforward way would require
> up to 32 table lookups.
>
> Doing CIDR in a sequential table is not a problem, and that is
> what Postfix does with mynetworks and in a few other places.
>
> However, sequential tables become expensive when you have thousands
> of CIDR expressions.
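
The lookup cost described in the quoted reply, and the sender policy asked about above, as an added Python example that is not part of the original thread and is not Postfix code. The function names are hypothetical, the table contents are constructed from the values in the message, and comparing the sender domain exactly (rather than by suffix) is an assumption about the intended policy.

```python
import ipaddress

# Constructed sample data; the network and domain are the ones in the message.
INDEXED = {"192.16.0.0/25": "from_should_be_local"}  # hash-style: exact-key lookups only
LOCAL_DOMAIN = "fromthisdomainonly.com"

def indexed_cidr_lookup(table, client_ip):
    """Find the most specific matching network in an exact-match table.

    An indexed table cannot search by containment, so the caller probes one
    key per prefix length, from /32 down to /1: up to 32 lookups per client.
    Returns (value or None, number of lookups performed).
    """
    addr = ipaddress.IPv4Address(client_ip)
    lookups = 0
    for prefix_len in range(32, 0, -1):
        # Mask the address down to this prefix length to form the candidate key.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        lookups += 1
        value = table.get(str(net))
        if value is not None:
            return value, lookups
    return None, lookups

def sequential_cidr_lookup(entries, client_ip):
    """Scan (network, value) pairs in order; cost grows with the table size."""
    addr = ipaddress.IPv4Address(client_ip)
    for compared, (net, value) in enumerate(entries, start=1):
        if addr in ipaddress.ip_network(net):
            return value, compared
    return None, len(entries)

def sender_allowed(client_ip, sender):
    """Clients in the listed network must use a sender in the local domain."""
    restriction, _ = indexed_cidr_lookup(INDEXED, client_ip)
    if restriction != "from_should_be_local":
        return True  # client is outside the listed network: rule does not apply
    domain = sender.rpartition("@")[2].lower()
    # Exact comparison; a suffix match would also accept "notfromthisdomainonly.com".
    return domain == LOCAL_DOMAIN
```
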