Subject: Re: Testing smtpd_client_restrictions - Was: Tcpwrappers and postfix - restricting inbound connections
From: Karl O. Pinc (kpincartic.edu)
Date: Tue Jan 02 2001 - 15:53:05 CST


Thanks, that does it. FYI, looks like:

mynetworks = $myhostname, 127.0.0.0/8

works fine.

I guess if I really want _no_ dialog, not just a 554 error, I go back to
the inetd/tcpd solution.

>On Tue, Jan 02, 2001 at 02:52:55PM -0600, Karl O. Pinc wrote:
>> I've got:
>>
>> smtpd_client_restrictions = permit_mynetworks, reject
>>
>> And I've tried it with:
>>
>> mynetworks = $myhostname, 127.0.0.0/8
>> mynetworks = $myhostname/32,127.0.0.0/8
>> and
>> mynetworks = nnn.nnn.nnn.nnn/32, 127.0.0.0/8
>> (where nnn.nnn.nnn.nnn is the ip of the machine running postfix)
>>
>> And I can still connect to port 25 and do a HELO from another machine.
>>
>> What am I doing wrong?
>
>You have to take into account the smtpd_delay_reject parameter. If this
>parameter is set to "yes" (the default), the actual check will only be
>performed when the recipient is already known (this allows the
>information to be included in the logfile).
>Since you want immediate rejection, set
> smtpd_delay_reject = no
>
>Best regards,
> Lutz
>--
>Lutz Jaenicke Lutz.Jaenickeaet.TU-Cottbus.DE
>BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
>Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
>Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

Karl

May the Legos (TM) always be swept from your path in the night.
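
The timing described in this thread, as an added example that is not part of the original messages: a simplified Python model (not Postfix code) of the stage at which `smtpd_client_restrictions = permit_mynetworks, reject` is applied, depending on `smtpd_delay_reject`. The addresses are constructed documentation values standing in for nnn.nnn.nnn.nnn, and the model assumes no other restriction classes are configured.

```python
import ipaddress

# Constructed stand-in for: mynetworks = nnn.nnn.nnn.nnn/32, 127.0.0.0/8
MYNETWORKS = ["192.0.2.10/32", "127.0.0.0/8"]

STAGES = ["CONNECT", "HELO", "MAIL FROM", "RCPT TO"]
OK = {"CONNECT": 220, "HELO": 250, "MAIL FROM": 250, "RCPT TO": 250}


def client_permitted(client_ip, mynetworks):
    """permit_mynetworks: true if the client address is in any listed network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in mynetworks)


def session_replies(client_ip, mynetworks, delay_reject=True):
    """Reply code per SMTP stage for 'permit_mynetworks, reject'.

    Simplified model: with delay_reject=True the client check is only
    acted on at RCPT TO; with delay_reject=False it is acted on at connect.
    The model stops at the first rejection.
    """
    permitted = client_permitted(client_ip, mynetworks)
    check_stage = "RCPT TO" if delay_reject else "CONNECT"
    replies = []
    for stage in STAGES:
        if stage == check_stage and not permitted:
            replies.append((stage, 554))
            break
        replies.append((stage, OK[stage]))
    return replies


if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed client outside mynetworks
    for delay in (True, False):
        print("smtpd_delay_reject =", "yes" if delay else "no")
        for stage, code in session_replies(outside, MYNETWORKS, delay):
            print("   ", stage, "->", code)
```

Either way the TCP connection on port 25 is accepted and a reply is sent, which is why refusing the dialog entirely needs a layer in front of smtpd, as the inetd/tcpd remark above says.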