|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: A Question About "check_client_access"
From: Noel Jones (njones
megan.vbhcs.org)
Date: Wed Oct 12 2005 - 12:55:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 10:56 AM 10/12/2005, Rich Shepard wrote:
> I've considered converting the whole file to a
> cidr table, but that's a lot
>of work.
And unnecessary. A hash table is fine if it suits
your needs. There's nothing inherently "better" about
a cidr table, they just give you a way to express
subnets that are not class A/B/C networks, which are
all you can specify in a hash.
>...
> I've had restrictions working for several years
> now, but I'm gaining
>greater insight from "The Book of Postfix". So far,
>I've read the first 10
>chapters. I've tuned the smtp restrictions based on
>what I've learned; the
>badip map has been in place a long time.
Choices:
- the IP doesn't match the table.
- the /24 or /32 address was matched in the table with
something other than REJECT.
- the client hostname was matched in the table with
something other than REJECT (name lookups are done
first).
- the message was allowed/whitelisted prior to the
badip table lookup.
- The message was addressed to <postmaster> or
<postmaster$myorigin>. These addresses bypass usual
restrictions.
without complete information, we're just speculating.
--
Noel Jones
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]