Dennis Putnam:
> Thanks for the reply. It appears this is not supported with my version  
> of Postfix (2.1.5). When I try this syntax:
> 
> smtpd_helo_restrictions =
>          check_client_access pcre:/etc/postfix/heloaccept.pcre

Sorry. "pcre" should be "cidr" everywhere in my reply. Some neurons
got crossed.

        Wietse

> I get this error:
> 
> fatal: unsupported dictionary type: pcre
> 
> On Oct 28, 2009, at 8:16 AM, Wietse Venema wrote:
> 
> > Dennis Putnam:
> >> It is beginning to appear this is my only alternative. However,
> >> maintaining a whitelist will require some special approvals by our
> >> security auditors. In any case, assuming I can get approval, is the
> >> syntax for this the same as the other hash files (ie. IP address
> >> followed by REJECT, OK, etc.)? Also, how do I set the default to be
> >> reject? My best hope for approval is to only need to add exceptions.
> >
> > I suggest using a CIDR table. These tables are read sequentially,
> > and the first matching pattern wins. The following makes exceptions
> > for two networks and applies reject_unknown_client for everyone else.
> >
> > /etc/postfix/main.cf:
> >    smtpd_???_restrictions =
> >     ...
> >     check_client_access pcre:/etc/postfix/client_access.pcre
> >     ...
> >
> > /etc/postfix/client_access.pcre:
> >    1.2.3.0/24      dunno
> >    5.6.7.0/24      dunno
> >    0.0.0.0/0       reject_unknown_client
> >
> > The syntax of the left-hand side is in the cidr_table(5) manpage
> > (man 5 cidr_table).  The syntax of the right-hand side is in the
> > access(5) manpage (man 5 access).
> >
> > The real problem is that the DNS gives out (some or all) bad PTR
> > records for this client IP address.
> >
> >     Wietse
> >
> 
> 
> 
> Dennis Putnam
> Sr. IT Systems Administrator
> AIM Systems, Inc.
> 11675 Rainwater Dr., Suite 200
> Alpharetta, GA  30009
> Phone: 678-240-4112
> Main Phone: 678-297-0700
> FAX: 678-297-2666 or 770-576-1000
