Re: access file not working as expected

From: mouss (mlist.onlyfree.fr)
Date: Thu Oct 11 2007 - 12:51:07 CDT


Terry Carmen wrote:
>
> I don't mean to be exceptionally dense, it's just a little hard to
> figure out some of this from the docs. The above is an excellent
> explanation of what everything is looking at, and is a huge help.
>

Postfix documentation is sometimes concise, but if you take the time to
really read it (that's what docs are for), you'll be compensated:

In particular,
        http://www.postfix.org/DATABASE_README.html
is a must read.

The section "Postfix lookup table types" has a "Database files are
created with postmap..." for: btree, cdb, dbm, hash, sdbm, but no such
thing for other types.

> The postmap man page looked like it was saying that the cidr table
> needed to be compiled,

If
# man postmap | grep cidr

returns anything, then you should check your postfix installation ;-p

In any case, the reference version is at
        http://www.postfix.org/postmap.1.html
and does not include the word "cidr" at all.

And that same page says (capitalization is mine):

        The postmap(1) command can query any supported file
        type, but it CAN CREATE ONLY the following file
        types:

Then a list of file types follows, in which there is no cidr.

> however after reading this thread, it seems that
> I was mistaken. The cidr table works much better when not compiled and
> used in the section. 8-)

No, you are still wrong. The cidr table works the same whether you
"compile it" or not. It's just that you get useless .db files around.

# cd $dir/maps/cidr
# postmap mynetworks
# ls -1
...
mynetworks.db
...

No problems arise.

Your original problem was because you were trying to use cidr entries
with check_SENDER_access, which won't work except if you get mail from
someone whose email address is <192.0.2.1>.

Finally, don't use a single file for multiple purposes (both client and
sender checks for example). This only causes problems and surprises.
Dedicate one file for each task. This way, not only is it easy to debug
errors by disabling one map, but it is also easy to see what map serves
what purpose. And you can write scripts to manage the maps...
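
Added example, not part of the original message: a small lint for the two mistakes described above, a cidr: table behind an address-keyed check and one map file shared by several checks. The function name, finding labels and sample paths are hypothetical, and flagging check_recipient_access as well goes beyond the sender case discussed in the thread.

```shell
#!/bin/sh
# Added example (not from the original post). Reads main.cf text on stdin and
# prints one finding per line:
#   KEY-MISMATCH  a cidr: table behind a check keyed by e-mail address
#   SHARED-MAP    one map file used by two different access checks
lint_access_maps() {
    awk '
    /^[ \t]*#/ { next }                      # whole-line comments only
    {
        gsub(/[,=]/, " ")                    # "," and "=" separate like blanks
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            if (t ~ /^check_(client|sender|recipient)_access$/) {
                pending = t                  # next token is the lookup table,
                continue                     # even on a continuation line
            }
            if (pending == "") continue
            kind = t; sub(/:.*/, "", kind)   # table type, e.g. cidr or hash
            path = t; sub(/^[^:]*:/, "", path)
            if (kind == "cidr" && pending != "check_client_access")
                print "KEY-MISMATCH " pending " " t
            if (path in owner && owner[path] != pending)
                print "SHARED-MAP " path " " owner[path] " " pending
            owner[path] = pending
            pending = ""
        }
    }'
}

# Constructed sample input; the map paths are hypothetical.
sample_main_cf() {
    cat <<'EOF'
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/maps/cidr/mynetworks
smtpd_sender_restrictions =
    check_sender_access cidr:/etc/postfix/maps/cidr/mynetworks,
    check_sender_access hash:/etc/postfix/maps/hash/senders
EOF
}

sample_main_cf | lint_access_maps
```

To check a real configuration, pipe the file in instead of the sample: `lint_access_maps < /etc/postfix/main.cf`.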