Dennis Putnam:
> Thanks for the reply. It appears this is not supported with my version
> of Postfix (2.1.5). When I try this syntax:
>
> smtpd_helo_restrictions =
> check_client_access pcre:/etc/postfix/heloaccept.pcre
Sorry. "pcre" should be "cidr" everywhere in my reply. Some neurons
got crossed.
Wietse
> I get this error:
>
> fatal: unsupported dictionary type: pcre
>
> On Oct 28, 2009, at 8:16 AM, Wietse Venema wrote:
>
> > Dennis Putnam:
> >> It is beginning to appear this is my only alternative. However,
> >> maintaining a whilelist will require some special approvals by our
> >> security auditors. In any case, assuming I can get approval, is the
> >> syntax for this the same as the other hash files (ie. IP address
> >> followed by REJECT, OK, etc.)? Also, how do I set the default to be
> >> reject? My best hope for approval is to only need to add exceptions.
> >
> > I suggest using a CIDR table. These tables are read sequentially,
> > and the first matching pattern wins. The following makes exceptions
> > for two networks and applies reject_unknown_client for everyone else.
> >
> > /etc/postfix/main.cf:
> > smtpd_???_restrictions =
> > ...
> > check_client_access pcre:/etc/postfix/client_access.pcre
> > ...
> >
> > /etc/postfix/client_access.pcre:
> > 1.2.3.0/24 dunno
> > 5.6.7.0/24 dunno
> > 0.0.0.0/0 reject_unknown_client
> >
> > The syntax of the left-hand side is in the cidr_table(5) manpage
> > (man 5 cidr_table). The syntax of the right-hand side is in the
> > access(5) manpage (man 5 access).
> >
> > The real problem is that the DNS gives out (some or all) bad PTR
> > records for this client IP address.
> >
> > Wietse
> >
>
>
>
> Dennis Putnam
> Sr. IT Systems Administrator
> AIM Systems, Inc.
> 11675 Rainwater Dr., Suite 200
> Alpharetta, GA 30009
> Phone: 678-240-4112
> Main Phone: 678-297-0700
> FAX: 678-297-2666 or 770-576-1000
> The information contained in this e-mail and any attachments is
> strictly confidential. If you are not the intended recipient, any use,
> dissemination, distribution, or duplication of any part of this e-mail
> or any attachment is prohibited. If you are not the intended
> recipient, please notify the sender by return e-mail and delete all
> copies, including the attachments.
>
>
>
>
>
