Subject: Re: CIDR notation in access table ?
From: Wietse Venema (wietse porcupine.org)
Date: Mon Feb 21 2000 - 07:39:53 CST
Michael J. Maravillo:
> Reason why I asked is that we'd like to restrict all e-mail coming
> from our network to have a FROM address in "fromthisdomainonly.com".
> I've checked the FAQ and couldn't find an appropriate answer.
/etc/postfix/main.cf:
    smtpd_sender_restrictions = hash:/etc/postfix/access

/etc/postfix/access:
    fromthisdomainonly.com permit_mynetworks reject

With this, the mynetworks parameter controls what IP addresses can
send mail as user fromthisdomainonly.com. It supports CIDR notation,
and I think you can even specify a /file/name if it is more convenient
to keep the data in a separate file.
Wietse
> I'm thinking in the line of using smtpd_sender_restrictions to get
> a match for client network address. Then, use a restriction class
> to check if sender has fromthisdomainonly.com.
>
> /etc/postfix/main.cf:
>     smtpd_restriction_classes =
>         from_should_be_local
>     from_should_be_local =
>         check_sender_access regexp:/etc/postfix/local_domains
>         reject
>     smtpd_sender_restrictions =
>         hash:/etc/postfix/sender_restrictions
>
> /etc/postfix/sender_restrictions:
>     192.16.0.0/25 from_should_be_local
>
> /etc/postfix/local_domains:
>     /fromthisdomainonly\.com$/ OK
>
> Is this the right way to formulate the restriction or can I use
> in any way the value of $mynetworks?
>
>
> TIA,
> Mike
>
> On Sun, Feb 20, 2000 at 12:18:03PM -0500, Wietse Venema wrote:
> >
> > > I'm trying to work on my UCE controls. "man 5 access" only mentions
> > > the following for host address matching. Is it possible to do CIDR
> > > notation here or it isn't just documented?
> >
> > Postfix access tables are usually implemented by indexed files, so
> > that a table can be searched without having to look at every entry.
> >
> > Doing CIDR with indexed files in a straightforward way would require
> > up to 32 table lookups.
> >
> > Doing CIDR in a sequential table is not a problem, and that is
> > what Postfix does with mynetworks and in a few other places.
> >
> > However, sequential tables become expensive when you have thousands
> > of CIDR expressions.
>
>
>
>
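Added example, not part of the original message and not Postfix code: a Python sketch of the trade-off described in the quoted reply, where an indexed table needs one exact-key probe per prefix length (up to 32) while a sequential table compares against every entry. The function names and all entries except 192.16.0.0/25 are constructed for illustration.

```python
import ipaddress

# Constructed sample entries; only 192.16.0.0/25 appears in the thread.
ENTRIES = {
    "192.16.0.0/25": "from_should_be_local",
    "10.0.0.0/8": "OK",
    "203.0.113.0/24": "REJECT",
}


def indexed_lookup(table, addr):
    """Emulate CIDR matching on top of an exact-key index (e.g. a hash file).

    The index can only answer "is this exact key present?", so the address
    is masked at every prefix length from /32 down to /1 and each masked
    network is probed in turn. Returns (result, number_of_probes).
    """
    ip = int(ipaddress.IPv4Address(addr))
    probes = 0
    for plen in range(32, 0, -1):  # most specific prefix first
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        key = f"{ipaddress.IPv4Address(ip & mask)}/{plen}"
        probes += 1
        if key in table:
            return table[key], probes
    return None, probes  # a miss always costs the full 32 probes


def sequential_lookup(entries, addr):
    """Walk an ordered list of (cidr, result) pairs, first match wins.

    Cost grows with the number of entries, not with the prefix length.
    Returns (result, number_of_entries_compared).
    """
    ip = ipaddress.IPv4Address(addr)
    compared = 0
    for cidr, result in entries:
        compared += 1
        if ip in ipaddress.ip_network(cidr):
            return result, compared
    return None, compared


if __name__ == "__main__":
    for a in ("192.16.0.77", "192.16.0.200", "10.1.2.3"):
        print(a, indexed_lookup(ENTRIES, a),
              sequential_lookup(list(ENTRIES.items()), a))
```

The indexed cost is bounded at 32 probes per address however large the table is; the sequential cost is the table length on every miss, which is why it becomes expensive with thousands of CIDR expressions.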