On Fri, 22 Aug 2008, Michael G. Reed wrote:
Worked like a champ. (for anyone else interested, put "OK"
for "dunno" below and you're good to go :). Thanks!
Take CAREFUL consideration in using "OK". It can open your server up like
a can of worms. Telling Postfix OK will bypass all further restrictions in
whatever smtpd_*_restrictions section you have it listed in.
According to 'man 5 access', DUNNO will pretend the lookup key was not
found and continue on with the next restriction.
On Fri, 22 Aug 2008, Wietse Venema wrote:
|> Wietse Venema:
|> > Michael G. Reed:
|> > > I've been looking around to see how I can deal with a
|> > > particular site that doesn't report a FQDN in the HELO/EHLO line. I
|> > > have smtpd_recipient_restrictions containing:
|> > >
|> > > reject_non_fqdn_sender
|> > > reject_non_fqdn_recipient
|> > > reject_non_fqdn_hostname
|> > >
|> > > to help with SPAM issues. I want these enforced for everyone EXCEPT
|> > > one site (heck, one IP) that needs to talk to me (but I've been unable
|> > > to get their admin to fix their broken configuration). Is this
|> > > possible or am I just missing something really obvious? Any pointers
|> > > would be greatly appreciated. Thanks!
|>
|> Sorry, I used PCRE instead of CIDR. Corrected version follows.
|>
|> Wietse
|>
|> Perhaps:
|>
|> /etc/postfix/main.cf:
|> smtpd_recipient_restrictions =
|> ...
|> check_client_access cidr:/etc/postfix/client_cidr
|> ...
|>
|> /etc/postfix/client_cidr:
|> 192.168.0.1/32 dunno
|> 0.0.0.0/0 reject_non_fqdn_sender, reject_non_fqdn_recipient,
...
|> ::/0 reject_non_fqdn_sender, reject_non_fqdn_recipient, ...
|>
|> Not intuitive, but effective.
|>
|> man 5 access
|> man 5 cidr_table
|>
|> Wietse
-d
