Viktor Dukhovni:
> On Mon, Mar 16, 2020 at 09:06:00AM +0100, Robby Van Mieghem wrote:
> 
> > smtpd_client_restrictions =
> >   check_client_access cidr:${config_directory}/client_access,
> >   reject
> > 
> > # EOP ranges as indicated by MS
> > 23.103.132.0/22 OK
> > 23.103.136.0/21 OK
> > 23.103.156.0/22 OK
> > 23.103.198.0/24 OK
> > 23.103.200.0/22 OK
> > 23.103.212.0/22 OK
> 
> Unsurpringly, this returns "OK" for the listed entries, and
> no result otherwise, which then in "smtpd_client_restrictions"
> falls through to "reject".
> 
> > Tried testing it also with:
> >
> >  $  postmap -q "1.1.1.1" cidr:/etc/postfix-EOP2DC/client_access
> >
> > ? no result
> 
> As expected, since "1.1.1.1" does not appear to be listed in the CIDR
> table.
> 
> > So it generally allows every IP now...
> 
> No, that's not the right conclusion.

To test access rules properly, use XCLIENT.
http://www.postfix.org/XCLIENT_README.html

        Wietse

Reply via email to