On 09/24/10 01:10, Sahil Tandon wrote:
> On Thu, 2010-09-23 at 21:37:40 -0400, Michael Orlitzky wrote:
>
>> check_client_access pcre:/<fudged>/generic_rbl_clients.pcre,
>>
>> The content of generic_rbl_clients.pcre:
>>
>> # sutton-partners.com
>> /^64\.191\.79\.245$/ public_rbls
>>
>> # mabel.ca
>> /^70\.38\.108\.42$/ public_rbls
>>
>> # dsnews.com
>> /^209\.172\.40\.21[157]$/ public_rbls
>>
>> # Default: check these lists.
>> #
>> /./ all_rbls
>>
>> However, 64.191.79.245 is still being subjected to the private RBL check:
>>
>> Sep 23 10:05:42 mx1 postfix/smtpd[12164]: connect from
>> unknown[64.191.79.245]
>  ^^^^^^^
>
> % host 64.191.79.245
> 245.79.191.64.in-addr.arpa domain name pointer sutton-partners.com.
> % host sutton-partners.com
> sutton-partners.com has address 64.202.189.170
>
> /./ is greedy! Explore check_reverse_client_hostname_access; and if
> it suits your needs, thank Noel Jones. :)
>
Ok, I see what's going on. 'unknown' gets looked up first, and so /./ matches it before the client IP address gets looked up. Wouldn't check_reverse_client_hostname_access suffer the same fate? I think switching to a CIDR map probably avoids matching the 'unknown'; I'll give that a try.
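
An added illustration, not part of the original thread: a simplified Python model of the lookup order discussed above, where the client hostname ("unknown" here) is tried against the table before the client IP address. The CIDR-style table, the function names and the two-key lookup model are assumptions made for this example, not Postfix code.

```python
import ipaddress
import re

# PCRE table from the quoted message, in file order (first match wins).
PCRE_TABLE = [
    (r"^64\.191\.79\.245$", "public_rbls"),
    (r"^70\.38\.108\.42$", "public_rbls"),
    (r"^209\.172\.40\.21[157]$", "public_rbls"),
    (r".", "all_rbls"),  # catch-all: matches any non-empty lookup key
]

# Hypothetical CIDR-style equivalent: keys are networks, not regexes.
CIDR_TABLE = [
    ("64.191.79.245/32", "public_rbls"),
    ("70.38.108.42/32", "public_rbls"),
    ("209.172.40.211/32", "public_rbls"),
    ("209.172.40.215/32", "public_rbls"),
    ("209.172.40.217/32", "public_rbls"),
    ("0.0.0.0/0", "all_rbls"),
]

def pcre_lookup(key):
    """Return the action of the first pattern matching the lookup key."""
    for pattern, action in PCRE_TABLE:
        if re.search(pattern, key):
            return action
    return None

def cidr_lookup(key):
    """Return the action of the first network containing the key, if it is an address."""
    try:
        addr = ipaddress.ip_address(key)
    except ValueError:
        return None  # "unknown" or any hostname is not an address: no match
    for net, action in CIDR_TABLE:
        if addr in ipaddress.ip_network(net):
            return action
    return None

def check_client_access(lookup, hostname, address):
    """Simplified model: try the client hostname first, then the client address."""
    for key in (hostname, address):
        action = lookup(key)
        if action is not None:
            return key, action
    return None, "DUNNO"
```

With the PCRE table the catch-all answers for the hostname key, so the per-address exceptions are never consulted; with address-only keys the hostname lookup falls through and the exception applies.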