# postconf smtpd_client_restrictions smtpd_client_restrictions = reject_unknown_reverse_client_hostname, check_client_access hash:/etc/postfix/client_access, permit_sasl_authenticated
On 14/05/2018 12:00, Mike Guelfi wrote: > postmap is a lookup management tool; doing a query on an IP in a subnet > isn't going to succeed. > > You probably just forgot to enable client_access or reload postfix > > What does this return? > # postconf smtpd_client_restrictions > > Default is: > smtpd_client_restrictions = > > enabled would be: > smtpd_client_restrictions = check_client_access hash:/path/to/client_access > > Quoting jack <j...@jackpot.uk.net>: > >> Hi, >> >> In the online documentation for access tables >> (http://www.postfix.org/access.5.html), it says: >> >> Subnetworks are matched by repeatedly truncating >> the last ".octet" from the remote IPv4 host address >> string until a match is found in the access table, or >> until further truncation is not possible. >> >> This is supposedly subject only to the restriction that the table is an >> indexed file "such as DB or DBM". >> >> I have the following client_access table: >> 5.188.9 REJECT WebShield Network trying to hack Dovecot >> 2018-05-10 - test >> 5.188.9.1 REJECT WebShield Network trying to hack Dovecot >> 2018-05-10 >> >> I compile the table to create client_access.db: >> # postmap client_access >> >> I then try: >> # postmap -q 5.188.9.2 client_access >> [no output] >> >> # postmap -q 5.188.9.1 client_access >> REJECT WebShield Network trying to hack Dovecot 2018-05-10 >> >> The behaviour of postmap seems to be at odds with the documentation; >> specfically, it does not seem to be possible to match an address against >> an address-prefix in the table. Am I misunderstanding the docs, or do >> they need fixing? >> >> I haven't tried any of the other indexed lookup types; is there some >> other table type that works properly? Do I need to test them all to see >> if they comply with the docs? >> >> Thanks, >> -- >> Jack. > >
