Subject: Re: Testing smtpd_client_restrictions - Was: Tcpwrappers and postfix - restricting inbound connections
From: Lutz Jaenicke (Lutz.Jaenickeaet.TU-Cottbus.DE)
Date: Tue Jan 02 2001 - 15:30:13 CST


On Tue, Jan 02, 2001 at 02:52:55PM -0600, Karl O. Pinc wrote:
> I've got:
>
> smtpd_client_restrictions = permit_mynetworks, reject
>
> And I've tried it with:
>
> mynetworks = $myhostname, 127.0.0.0/8
> mynetworks = $myhostname/32,127.0.0.0/8
> and
> mynetworks = nnn.nnn.nnn.nnn/32, 127.0.0.0/8
> (where nnn.nnn.nnn.nnn is the ip of the machine running postfix)
>
> And I can still connect to port 25 and do a HELO from another machine.
>
> What am I doing wrong?

You have to take into account the smtpd_delay_reject parameter. If this
parameter is set to "yes" (the default), the actual check will only be
performed when the recipient is already known (this allows the
information to be included in the logfile).
Since you want immediate rejection, set
  smtpd_delay_reject = no

Best regards,
        Lutz

-- 
Lutz Jaenicke                             Lutz.Jaenickeaet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
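
An added example, not part of the original message: a small probe for checking from another machine at which SMTP stage a server like the one discussed above refuses a client, so the effect of changing smtpd_delay_reject can be confirmed. The helper names, the example.invalid addresses and the two sample transcripts are assumptions constructed for illustration.

```python
import smtplib
import sys


def first_rejection(transcript):
    """Return (stage, code) of the first 4xx/5xx reply, or None if none."""
    for stage, code in transcript:
        if code >= 400:
            return stage, code
    return None


def probe(host, port=25, helo_name="probe.example.invalid",
          rcpt="postmaster@example.invalid", timeout=10):
    """Walk one SMTP session up to RCPT TO (never DATA), recording reply codes.

    helo_name and rcpt are placeholder values; use ones valid for your server.
    """
    transcript = []
    smtp = smtplib.SMTP(timeout=timeout)  # no host given: does not connect yet
    steps = (
        ("connect", lambda: smtp.connect(host, port)),
        ("helo", lambda: smtp.helo(helo_name)),
        ("mail", lambda: smtp.docmd("MAIL", "FROM:<>")),
        ("rcpt", lambda: smtp.docmd("RCPT", "TO:<%s>" % rcpt)),
    )
    try:
        for stage, step in steps:
            code, _ = step()
            transcript.append((stage, code))
            if code >= 400:  # stop at the first refusal
                break
    finally:
        smtp.close()
    return transcript


# Constructed sample transcripts (not captured from a real server).
# Delayed reject: connect and HELO succeed, the refusal arrives at RCPT TO.
DELAYED = [("connect", 220), ("helo", 250), ("mail", 250), ("rcpt", 554)]
# Immediate reject: the very first reply is already a refusal.
IMMEDIATE = [("connect", 554)]

if __name__ == "__main__":
    result = probe(sys.argv[1])
    print(result, "first rejection:", first_rejection(result))
```

Run it from a host outside mynetworks with the server name as the only argument, once before and once after the change.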