On 4/15/2014 3:02 PM, List wrote:
> On 4/15/14, 2:50 PM, Noel Jones wrote:
>> On 4/15/2014 2:27 PM, List wrote:
>>> I am running postfix 2.6.6 and trying to setup check_client_access
>>> using a mysql lookup under the smtpd_client_restrictions, which does
>>> not appear to be rejecting clients when the query returns "REJECT"
>>> (which has been confirmed to return "REJECT" using postmap -q xxx
>>> mysql:..). When I change it to look at a hash file with the same
>>> IP/REJECT entry it works perfectly, so I am wondering is using a
>>> mysql lookup not supported for check_client_access under
>>> smtpd_client_restrictions?
>>>
>> Yes, it's supported. You've not given sufficient information for us
>> to identify your mistake.
>>
>>
>> -- Noel Jones
>>
>
> Hopefully this is what you're looking for.
>
> postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_destination_recipient_limit = 1000
> default_process_limit = 1000
> html_directory = no
> inet_interfaces = all
> inet_protocols = all
> mail_owner = postfix
> mailbox_size_limit = 52224000
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 52224000
> mydestination = $myhostname, localhost.$mydomain, localhost
> myhostname = server.domain.tld
> mynetworks = $config_directory/mynetworks
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> relayhost = relay.domain.tld
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_data_done_timeout = 900s
> smtp_data_init_timeout = 900s
> smtp_data_xfer_timeout = 900s
> smtp_helo_timeout = 900s
> smtp_mail_timeout = 900s
> smtp_tls_note_starttls_offer = yes
> smtpd_client_event_limit_exceptions = static:all
> smtpd_client_restrictions = check_client_access
> mysql:/etc/postfix/access_check.cf
> smtpd_delay_reject = no
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_policy_service
> inet:127.0.0.1:10000, check_client_access
> mysql:/etc/postfix/authb4smtp.cf, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_unknown_sender_domain,
> reject_non_fqdn_sender, permit
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
> smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database =
> btree:/var/lib/postfix/smtpd_tls_cache
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
>
> postconf -m
>
> btree
> cidr
> environ
> hash
> ldap
> mysql
> nis
> pcre
> proxy
> regexp
> static
> unix
>
> check_access.cf query:
>
> SELECT COALESCE( (SELECT "REJECT" FROM harvesters h WHERE h.ip =
> '%s' AND h.added BETWEEN DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND
> NOW() GROUP BY h.ip HAVING COUNT(h.ip) > 1), "DUNNO")
>

How are you testing this?


-- Noel Jones