|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: A Question About "check_client_access"
From: Rich Shepard (rshepard
appl-ecosys.com)
Date: Wed Oct 12 2005 - 10:06:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 12 Oct 2005, mouss wrote:
> In general, if a client is not blocked, this is because no reject rule was
> applied to it, and in particular, it didn't match a client_access rule that
> rejects it.
I guess I was not sufficiently clear.
The first 16 bits in the IP address are listed in the client_access rule,
and 'reject' is the action to be taken.
> - do all entries in badip have "REJECT" as the right hand side (the result
> field) or do you use different results?
Yes.
> - what is the format of the IPs that don't get caught? post a full line of
> this (replace digits by 'd' if you want, but keep dots and other chars).
It is analagous to
Received: from <some_domain_name> (IP address unknown[xx.yyy.z.ddd])
My understanding of the postfix restrictions is that 1) the
'reject_unknown_sender_domain' checked the IP address and rejected it if it
was unknown and 2) the entry in 'check_client_access hash:/etc/postfix/badip'
would also catch it if xx.yyy was listed in that map file.
Rich
--
Dr. Richard B. Shepard, President | Author of "Quantifying Environmental
Applied Ecosystem Services, Inc. (TM) | Impact Assessments Using Fuzzy Logic"
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]