[courier-users] CIDR/VLSM notation w/ makedat(8) revisited

Tue, 17 Jun 2003 14:32:34 -0700 

I must have been asleep at the terminal when i wrote this original
message, because it's now working perfectly fine.  If possible, I would
recommend including some example notation in the smptaccess.dist file,
and possibly a reference URL such as the one I've been shamelessly
plugging recently:


http://digitalfreaks.org/~lavalamp/CIDR.html

Anyway, example smtpaccess file w/ CIDR/VLSM notation:

% more /usr/pkg/etc/courier/smtpaccess
# LAN
127.0.0.1/32            allow,RELAYCLIENT
10.100.0.0/21           allow,RELAYCLIENT
66.95.8.160/27          allow,RELAYCLIENT
# deny mail from compromized wind0z3 boxes at stargate
216.151.124.0/24        allow,BLOCK="Any lifesigns? Negative..."
# RFC 1918 shouldn't be sending mail
172.16.0.0/19           deny
192.168.0.0/16          deny


Here is an example of smptaccess calling makedat and the CIDR expansion:

% cat /usr/pkg/etc/courier/smtpaccess | sh -x /var/tmp/net_cidr_debug.pl


# LAN
127.0.0.1       allow,RELAYCLIENT
10.100.0        allow,RELAYCLIENT
10.100.1        allow,RELAYCLIENT
10.100.2        allow,RELAYCLIENT
10.100.3        allow,RELAYCLIENT
10.100.4        allow,RELAYCLIENT
10.100.5        allow,RELAYCLIENT
10.100.6        allow,RELAYCLIENT
10.100.7        allow,RELAYCLIENT
66.95.8.160     allow,RELAYCLIENT
66.95.8.161     allow,RELAYCLIENT
66.95.8.162     allow,RELAYCLIENT
66.95.8.163     allow,RELAYCLIENT
66.95.8.164     allow,RELAYCLIENT
66.95.8.165     allow,RELAYCLIENT
66.95.8.166     allow,RELAYCLIENT
66.95.8.167     allow,RELAYCLIENT
66.95.8.168     allow,RELAYCLIENT
66.95.8.169     allow,RELAYCLIENT
66.95.8.170     allow,RELAYCLIENT
66.95.8.171     allow,RELAYCLIENT
66.95.8.172     allow,RELAYCLIENT
66.95.8.173     allow,RELAYCLIENT
66.95.8.174     allow,RELAYCLIENT
66.95.8.175     allow,RELAYCLIENT
66.95.8.176     allow,RELAYCLIENT
66.95.8.177     allow,RELAYCLIENT
66.95.8.178     allow,RELAYCLIENT
66.95.8.179     allow,RELAYCLIENT
66.95.8.180     allow,RELAYCLIENT
66.95.8.181     allow,RELAYCLIENT
66.95.8.182     allow,RELAYCLIENT
66.95.8.183     allow,RELAYCLIENT
66.95.8.184     allow,RELAYCLIENT
66.95.8.185     allow,RELAYCLIENT
66.95.8.186     allow,RELAYCLIENT
66.95.8.187     allow,RELAYCLIENT
66.95.8.188     allow,RELAYCLIENT
66.95.8.189     allow,RELAYCLIENT
66.95.8.190     allow,RELAYCLIENT
66.95.8.191     allow,RELAYCLIENT
# deny mail from compromized wind0z3 boxes at stargate
216.151.124     allow,BLOCK="Any lifesigns? Negative..."
# RFC 1918 shouldn't be sending mail
172.16.0        deny
172.16.1        deny
172.16.2        deny
172.16.3        deny
172.16.4        deny
172.16.5        deny
172.16.6        deny
172.16.7        deny
172.16.8        deny
172.16.9        deny
172.16.10       deny
172.16.11       deny
172.16.12       deny
172.16.13       deny
172.16.14       deny
172.16.15       deny
172.16.16       deny
172.16.17       deny
172.16.18       deny
172.16.19       deny
172.16.20       deny
172.16.21       deny
172.16.22       deny
172.16.23       deny
172.16.24       deny
172.16.25       deny
172.16.26       deny
172.16.27       deny
172.16.28       deny
172.16.29       deny
172.16.30       deny
172.16.31       deny
192.168 deny


On Thu, 2003-06-05 at 14:39, Brian A. Seklecki wrote:
> according to makedat(1):
> 
>        The -cidr flag specifies that the key is an IP netblock in
>        CIDR  notation. This flag requires the Net::CIDR Perl mod-
>        ule to be installed separately.  Download  Net::CIDR  from
>        http://www.cpan.org.
> 
> ...and makedat(1) is used to build smtpaccess.dat from smtpaccess, so I
> was under the impression i might be able to have blocks such as:
> 
> 127.0.0.1/24     allow,RELAYCLIENT
> 10.100.0.0/24    allow,RELAYCLIENT
> 66.95.8.166/27   allow,RELAYCLIENT
> 
> ...however that is definately not working.  relaying denied errors ... a
> quick run through:
> 
> /usr/pkg/bin/courier/makedat -src=/usr/pkg/etc/courier/smtpaccess
> -file=/usr/pkg/etc/courier/smtpaccess.dat
> -tmp=/usr/pkg/etc/courier/smtpaccess.tmp -cidr
> 
> seems to reveal it finding Net:CIDR in /usr/pkg/lib/perl5/5.8.0/Net just
> fine.
> 
> Ideas anyone?
> 
> Thanks,
> -Brian
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
> thread debugger on the planet. Designed with thread debugging features
> you've never dreamed of, try TotalView 6 free at www.etnus.com.
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
-- 
Thanks,
        -Brian

NOTE: When replying to a mailing list post, please be sure to reply to
the /list/ and cc: or bcc: myself as I am unable to promise a timely
response.



-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to