On 20/1/2012 10:54 PM, Wietse Venema wrote:

>  seems to me the same to use:
>      smtpd_client_restrictions = check_client_access cidr:/etc/postfix/gwservers.cidr
>      where gwservers.cidr is:
>      xxx.xxx.xxx.xxx   OK
>      xxx.xxx.xxx.xxx   OK
>      0.0.0.0/0         reject unauthorized client, please use our MX
This "passes" IPv6 clients that match no rule.


Thanks Wietse.

I understand.

However, we could formulate gwservers.cidr as (for example):

  xxx.xxx.xxx.xxx   OK
  xxx.xxx.xxx.xxx   OK
  127.0.0.1         OK
  xxxx:xxxx:xxxx:xxxx::xxxx:xxxx   OK
  xxxx:xxxx:xxxx:xxxx::xxxx        OK
  ::1                              OK
  0.0.0.0/0         reject unauthorized client, please use our MX
  ::/0              reject unauthorized client, please use our MX

and then, using the above file with:
  smtpd_client_restrictions = check_client_access cidr:/etc/postfix/gwservers.cidr
would be practically the same as using the following with a 
gwservers.cidr *without* the last two lines:
  smtpd_client_restrictions = check_client_access cidr:/etc/postfix/gwservers.cidr,reject
of course only if there is nothing else before the ending ",reject" (in the 
latter).

Additionally, it wouldn't hurt to add ",reject" to the former, but it would 
never be evaluated.

So, I would tend to think it's more flexible to use the second type, because we could 
later add more rules before the ending ",reject".

Am I right in the above?

Thanks again, to both you and Charles who assisted me in clarifying things.
Nick
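
An added example, not part of the original thread: a simplified Python model of first-match CIDR table lookup, showing which clients fall through with an IPv4-only catch-all, with both catch-alls, and with an allow list followed by ",reject". The function names, the "DUNNO" label for a table miss, and the documentation-range addresses are assumptions made for illustration; this is not Postfix code.

```python
import ipaddress

def parse_table(text):
    """Parse 'pattern action...' lines into (network, action keyword) rules."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        rules.append((ipaddress.ip_network(fields[0]), fields[1].upper()))
    return rules

def decide(table, client, trailing_reject=False):
    """First matching rule wins; a miss falls through to whatever follows."""
    addr = ipaddress.ip_address(client)
    for net, action in parse_table(table):
        # An IPv4 pattern such as 0.0.0.0/0 can never match an IPv6 client.
        if addr.version == net.version and addr in net:
            return action
    # No rule matched: a trailing ",reject" decides, otherwise nothing does.
    return "REJECT" if trailing_reject else "DUNNO"

# Constructed sample tables; addresses come from documentation ranges.
ALLOW = """
192.0.2.10      OK
127.0.0.1       OK
2001:db8::25    OK
::1             OK
"""
V4_CATCHALL = ALLOW + "0.0.0.0/0  reject unauthorized client, please use our MX\n"
DUAL_CATCHALL = V4_CATCHALL + "::/0  reject unauthorized client, please use our MX\n"

if __name__ == "__main__":
    cases = [("IPv4 catch-all only", V4_CATCHALL, False),
             ("both catch-alls", DUAL_CATCHALL, False),
             ("allow list + ,reject", ALLOW, True)]
    clients = ("192.0.2.10", "198.51.100.7", "2001:db8::25", "2001:db8::99")
    for name, table, tail in cases:
        for client in clients:
            print(f"{name:22} {client:14} {decide(table, client, tail)}")
```
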

