[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-03-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Mar 21, 2024 at 11:06:12AM -0500, Noel Jones via Postfix-users wrote:

> > Surely the generalisation is:
> > 
> >smtpd_discard_ehlo_keyword_address_maps =
> >cidr:{
> >  {if 0.0.0.0/0}
> >  # Private IPv4 addresses
> >  {!10.0.0.0/8  silent-discard,dsn}
> 
> Seems to me 172. and 192. would match the above line.
> Does cidr support DUNNO?

Oops, indeed you're right, but this is solvable:

if 0.0.0.0/1
!10.0.0.0/8 silent-discard,dsn
endif
if 128.0.0.0/2
!172.16.0.0/12 silent-discard,dsn
endif
if 192.0.0.0/2
!192.168.0.0/16 silent-discard,dsn
endif

DUNNO is not a table-layer "no result" primitive, it is an access(5) RHS
keyword, so does not apply with ehlo keyword discard rules.

-- 
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-03-21 Thread Matus UHLAR - fantomas via Postfix-users

On Thu, Mar 21, 2024 at 03:20:23PM +0100, Matus UHLAR - fantomas via Postfix-users wrote:

Wietse Venema via Postfix-users:
> smtpd_discard_ehlo_keyword_address_maps =
> cidr:{ {!10/8  silent-discard,dsn} }

On 23.02.24 11:12, Wietse Venema via Postfix-users wrote:
> But that does not generalize to hosts with IPv4 and IPv6. In that case,
> your approach will be more suitable.

On 3/21/2024 10:21 AM, Viktor Dukhovni via Postfix-users wrote:
> Surely the generalisation is:
>
>   smtpd_discard_ehlo_keyword_address_maps =
>   cidr:{
> {if 0.0.0.0/0}
> # Private IPv4 addresses
> {!10.0.0.0/8  silent-discard,dsn}

On 21.03.24 11:06, Noel Jones via Postfix-users wrote:
> Seems to me 172. and 192. would match the above line.
> Does cidr support DUNNO?


CIDR should, but smtpd_discard_ehlo_keyword_address_maps would understand it 
as drop "DUNNO" keyword.  That's why I used plain "silent-discard" in my 
example instead.



> {!172.16.0.0/12  silent-discard,dsn}
> {!192.168.0.0/16  silent-discard,dsn}


I understand this as any address outside 10/8 would match the first 
!10.0.0.0/8, address in 10/8 would match the second !172.16.0.0/12 thus
third line would never be tried and all addresses would return 
"silent-discard,dsn" like this:


{if 0.0.0.0/0}
# Private IPv4 addresses
{10.0.0.0/8 silent-discard}
{172.16.0.0/12  silent-discard}
{192.168.0.0/16 silent-discard}
{0.0.0.0/0  silent-discard,dsn}
{endif}



> {endif}
> {if ::/0}
> # Unique local, site and link local IPv6 addresses
> {!fc00::/7  silent-discard,dsn}
> {!fe80::/9  silent-discard,dsn}
> {endif}
> }
>
> Each set of negative rules can be constrained to its address family by
> enclosing it in an if..endif block.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Windows found: (R)emove, (E)rase, (D)elete
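
Added example, not part of any poster's message: a small Python model of the first-match lookup this thread turns on, run over the three IPv4 tables discussed here (consecutive negated rules, the per-range if/endif version, and the positive-match table ending in 0.0.0.0/0). It assumes IPv4 only and models just `pattern`, `!pattern`, `if` and `endif`; `lookup` is a hypothetical name, the client addresses are constructed, and `None` stands for "no match, so smtpd_discard_ehlo_keywords applies".

```python
import ipaddress

def lookup(table, addr):
    """Return the result of the first matching rule, or None if no rule matches."""
    ip = ipaddress.ip_address(addr)
    skip = 0  # > 0 while inside an if-block whose condition did not match
    for line in table.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "endif":
            skip = max(0, skip - 1)
            continue
        is_if = words[0] == "if"
        if skip:
            skip += is_if  # keep if/endif nesting balanced while skipping
            continue
        pattern = words[1] if is_if else words[0]
        net = ipaddress.ip_network(pattern.lstrip("!"))
        hit = (ip in net) != pattern.startswith("!")
        if is_if:
            skip = 0 if hit else 1
        elif hit:
            return " ".join(words[1:])
    return None

# The three IPv4 tables from the thread, one rule per line.
FLAWED = """if 0.0.0.0/0
!10.0.0.0/8 silent-discard,dsn
!172.16.0.0/12 silent-discard,dsn
!192.168.0.0/16 silent-discard,dsn
endif"""
FIXED = """if 0.0.0.0/1
!10.0.0.0/8 silent-discard,dsn
endif
if 128.0.0.0/2
!172.16.0.0/12 silent-discard,dsn
endif
if 192.0.0.0/2
!192.168.0.0/16 silent-discard,dsn
endif"""
POSITIVE = """10.0.0.0/8 silent-discard
172.16.0.0/12 silent-discard
192.168.0.0/16 silent-discard
0.0.0.0/0 silent-discard,dsn"""

# Constructed sample clients: three internal, two external.
for client in ("10.1.2.3", "172.16.5.5", "192.168.1.1", "8.8.8.8", "203.0.113.9"):
    print(client, [lookup(t, client) for t in (FLAWED, FIXED, POSITIVE)])
```

With the consecutive negated rules every client, internal or not, gets `silent-discard,dsn`; the other two tables spare the three private ranges.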


[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-03-21 Thread Noel Jones via Postfix-users

On 3/21/2024 10:21 AM, Viktor Dukhovni via Postfix-users wrote:
> On Thu, Mar 21, 2024 at 03:20:23PM +0100, Matus UHLAR - fantomas via Postfix-users wrote:
>
> > > Wietse Venema via Postfix-users:
> > > > smtpd_discard_ehlo_keyword_address_maps =
> > > >  cidr:{ {!10/8  silent-discard,dsn} }
> >
> > On 23.02.24 11:12, Wietse Venema via Postfix-users wrote:
> > > But that does not generalize to hosts with IPv4 and IPv6. In that case,
> > > your approach will be more suitable.
>
> Surely the generalisation is:
>
>    smtpd_discard_ehlo_keyword_address_maps =
>    cidr:{
>  {if 0.0.0.0/0}
>  # Private IPv4 addresses
>  {!10.0.0.0/8  silent-discard,dsn}


Seems to me 172. and 192. would match the above line.
Does cidr support DUNNO?


  -- Noel Jones




>  {!172.16.0.0/12  silent-discard,dsn}
>  {!192.168.0.0/16  silent-discard,dsn}
>  {endif}
>  {if ::/0}
>  # Unique local, site and link local IPv6 addresses
>  {!fc00::/7  silent-discard,dsn}
>  {!fe80::/9  silent-discard,dsn}
>  {endif}
>  }
>
> Each set of negative rules can be constrained to its address family by
> enclosing it in an if..endif block.





[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-03-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Mar 21, 2024 at 03:20:23PM +0100, Matus UHLAR - fantomas via 
Postfix-users wrote:

> > Wietse Venema via Postfix-users:
> > > smtpd_discard_ehlo_keyword_address_maps =
> > > cidr:{ {!10/8  silent-discard,dsn} }
> 
> On 23.02.24 11:12, Wietse Venema via Postfix-users wrote:
> > But that does not generalize to hosts with IPv4 and IPv6. In that case,
> > your approach will be more suitable.

Surely the generalisation is:

  smtpd_discard_ehlo_keyword_address_maps =
  cidr:{ 
{if 0.0.0.0/0}
# Private IPv4 addresses
{!10.0.0.0/8  silent-discard,dsn}
{!172.16.0.0/12  silent-discard,dsn}
{!192.168.0.0/16  silent-discard,dsn}
{endif}
{if ::/0}
# Unique local, site and link local IPv6 addresses
{!fc00::/7  silent-discard,dsn}
{!fe80::/9  silent-discard,dsn}
{endif}
}

Each set of negative rules can be constrained to its address family by
enclosing it in an if..endif block.

-- 
Viktor.


[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-03-21 Thread Matus UHLAR - fantomas via Postfix-users

Matus UHLAR - fantomas via Postfix-users:
> as I maintain some mail gateways with postfix, I would like to discard the
> DSN ehlo keyword, from all hosts but internal network.
>
> I see that with smtpd_discard_ehlo_keyword_address_maps
> "Tables will be searched in the specified order until a match is found."
>
> but is it possible to allow all keywords from internal network and drop DSN
> from everywhere else?
>
> should I use workaround and use dummy silent-discard without other keyword?
>
> smtpd_discard_ehlo_keyword_address_maps =
>  cidr:{ {10/8 silent-discard} {0/0 silent-discard,dsn} }



Wietse Venema via Postfix-users:
> smtpd_discard_ehlo_keyword_address_maps =
> cidr:{ {!10/8  silent-discard,dsn} }

On 23.02.24 11:12, Wietse Venema via Postfix-users wrote:
> But that does not generalize to hosts with IPv4 and IPv6. In that case,
> your approach will be more suitable.


Thank you.

For evidence, I have set it up only on port 25 using master.cf:

smtp  inet  n   -   y   -   1   postscreen
smtpd pass  -   -   y   -   -   smtpd
  -o smtpd_discard_ehlo_keywords=silent-discard,dsn

thus, it does not apply on submission and smtps ports 
and main.cf:


smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/discard_keywords

/etc/postfix/discard_keywords contains:

10.0.0.0/8  silent-discard
192.168.0.0/16  silent-discard

This way, I was able to also discard other keywords from other internal 
clients.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watkins.  -- Daffy Duck & Porky Pig


[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-02-23 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> Matus UHLAR - fantomas via Postfix-users:
> > hello,
> > 
> > as I maintain some mail gateways with postfix, I would like to discard the 
> > DSN ehlo keyword, from all hosts but internal network.
> > 
> > I see that with smtpd_discard_ehlo_keyword_address_maps 
> > "Tables will be searched in the specified order until a match is found."
> > 
> > but is it possible to allow all keywords from internal network and drop DSN 
> > from everywhere else?
> > 
> > should I use workaround and use dummy silent-discard without other keyword?
> > 
> > smtpd_discard_ehlo_keyword_address_maps =
> >  cidr:{ {10/8 silent-discard} {0/0 silent-discard,dsn} }
> 
> smtpd_discard_ehlo_keyword_address_maps =
> cidr:{ {!10/8  silent-discard,dsn} }

But that does not generalize to hosts with IPv4 and IPv6. In that case,
your approach will be more suitable.

> > Does smtpd_discard_ehlo_keyword_address_maps override value in
> > smtpd_discard_ehlo_keywords if a match is found?
> 
> Yes. Otherwise, smtpd_discard_ehlo_keyword_address_maps would
> be useless.
> 
>   Wietse


[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-02-23 Thread Wietse Venema via Postfix-users
Matus UHLAR - fantomas via Postfix-users:
> hello,
> 
> as I maintain some mail gateways with postfix, I would like to discard the 
> DSN ehlo keyword, from all hosts but internal network.
> 
> I see that with smtpd_discard_ehlo_keyword_address_maps 
> "Tables will be searched in the specified order until a match is found."
> 
> but is it possible to allow all keywords from internal network and drop DSN 
> from everywhere else?
> 
> should I use workaround and use dummy silent-discard without other keyword?
> 
> smtpd_discard_ehlo_keyword_address_maps =
>  cidr:{ {10/8 silent-discard} {0/0 silent-discard,dsn} }

smtpd_discard_ehlo_keyword_address_maps =
cidr:{ {!10/8  silent-discard,dsn} }

> Does smtpd_discard_ehlo_keyword_address_maps override value in
> smtpd_discard_ehlo_keywords if a match is found?

Yes. Otherwise, smtpd_discard_ehlo_keyword_address_maps would
be useless.

Wietse