Re: Adding a list of Netblocks to postfix to not allow mail to come from

From: audit (auditc2security.org)
Date: Mon Feb 04 2008 - 15:22:15 CST


Magnus Bäck wrote:
> Indexed tables (such as `hash') do not support CIDR notation. Again,
> read access(5). CIDR tables support CIDR notation, see cidr_table(5).
> If you only plan on blocking /8, /16, and /24 nets you could still
> use an indexed table.
>
> 61.129 REJECT
> 61.133 REJECT
>
> With the default value of smtpd_delay_reject you can place the
> restriction anywhere you want. You must however tell Postfix what type
> of restriction it is -- you can't just list the table file name and
> expect Postfix to figure out what you want to do. The following would
> work:
>
> smtpd_sender_restrictions =
> check_sender_mx_access cidr:/usr/local/etc/postfix/mx_access
>
>
I'm blocking a LOT more than just /8, /16, and /24, so I edited the
mx_access file to just include the REJECT on the right side and left the
blocks in, ran a /usr/local/etc/rc.d/postfix reload, and there were no errors in the
mail logs after I added the line

smtpd_sender_restrictions = check_sender_mx_access cidr:/usr/local/etc/postfix/mx_access

towards the bottom of my main.cf by the stuff I had to put in for mailman. I'll continue to watch the mail logs and make sure I don't see any issues.

Thanks
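As an added example for this thread (not code from either post, and not Postfix's own code), the Python below emulates how a cidr: table is searched, so you can see which of a long list of netblocks a given client address would hit before you reload the real server. The table contents, the client addresses and the main.cf stanza inside it are constructed samples; the file path is the one used in the thread. Note the directive choice: check_client_access matches the connecting client's IP address, which is what blocking netblocks that mail comes from calls for, whereas check_sender_mx_access (used in the reply quoted above) looks up the MX hosts of the envelope sender's domain.

```python
"""Emulate a Postfix cidr_table(5) lookup: first matching entry wins, any
prefix length is allowed, and a bare address without "/len" is a single host.
Added example for this thread; not Postfix code and not the poster's files.
Table contents, client addresses and paths are constructed for illustration."""
import ipaddress
from typing import Dict, List, Optional, Tuple, Union

# Constructed sample of /usr/local/etc/postfix/mx_access in cidr: format.
# An indexed (hash:) table could only express the /8, /16 and /24 entries;
# the /25 and /22 blocks need cidr:.  Lines starting with # are comments.
SAMPLE_CIDR_TABLE = """\
# blocks from the thread, written for cidr: instead of hash:
61.129.0.0/16      REJECT
61.133.0.0/16      REJECT
# prefixes an indexed table could not express
203.0.113.128/25   REJECT
198.51.100.0/22    REJECT
# a single-host exception must come BEFORE the block that contains it
192.0.2.10         OK
192.0.2.0/24       REJECT
2001:db8::/32      REJECT
"""

# Constructed main.cf stanza.  check_client_access looks up the connecting
# client's IP; check_sender_mx_access (as in the quoted reply) looks up the
# MX hosts of the sender's domain instead.
SAMPLE_MAIN_CF = """\
smtpd_client_restrictions =
    check_client_access cidr:/usr/local/etc/postfix/mx_access
"""

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Entry = Tuple[Network, str]


def parse_cidr_table(text: str) -> List[Entry]:
    """Parse 'pattern result' lines; raise ValueError on a malformed entry."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'pattern result'")
        pattern, result = parts
        try:
            # strict=True rejects "61.129.5.0/16" (host bits set), as Postfix does
            net = ipaddress.ip_network(pattern, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        entries.append((net, result.strip()))
    return entries


def validate_line(line: str) -> Optional[str]:
    """Return the error for a single table line, or None if it parses."""
    try:
        parse_cidr_table(line)
    except ValueError as exc:
        return str(exc)
    return None


def lookup(entries: List[Entry], key: str) -> Optional[str]:
    """Return the result of the first entry containing key, else None
    (no match means Postfix moves on to the next restriction)."""
    addr = ipaddress.ip_address(key)
    for net, result in entries:
        if addr.version == net.version and addr in net:
            return result
    return None


# Constructed client addresses to exercise the table.
SAMPLE_CLIENTS = [
    "61.129.5.4", "203.0.113.200", "203.0.113.5", "192.0.2.10",
    "192.0.2.11", "198.51.100.77", "2001:db8:1::1",
]


def verdicts(table: str = SAMPLE_CIDR_TABLE,
             clients: List[str] = SAMPLE_CLIENTS) -> Dict[str, Optional[str]]:
    """Map each client address to the result the cidr: table would return."""
    entries = parse_cidr_table(table)
    return {client: lookup(entries, client) for client in clients}


if __name__ == "__main__":
    print(SAMPLE_MAIN_CF)
    for client, result in verdicts().items():
        print(f"{client:16} -> {result or 'no match (next restriction)'}")
```

On a real system the equivalent check is `postmap -q 61.129.5.4 cidr:/usr/local/etc/postfix/mx_access`, which prints the result field of the first matching entry. Two things worth watching when a long list is involved: an entry whose host bits are set (61.129.5.0/16) is an error rather than a silent /16, and because the first match wins, an OK for a single host has to sit above the REJECT for the block that contains it.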