Failing to match subdomains in check_client_access

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Failing to match subdomains in check_client_access

Ed Wildgoose-2
I am trying to whitelist some tricky servers that I don't want to block
using my RBL choices.  Lets pretend it's yahoo for the sake or argument
and that they have server names like

check_client_access    hash:/etc/postfix/rbl_client_exceptions,

this contains:
.yahoo.com OK

I then postmap it, but later on I see blocked by my RBL (which is listed
later in my restrictions list):

Jun 25 18:12:24 mail1 postfix/smtpd[19059]: NOQUEUE: reject: RCPT from
n2d.bullet.mail.ac4.yahoo.com[76.13.13.86]: 554 5.7.1 Service
unavailable; Client host [76.13.13.86] blocked using psbl.surriel.com;
Listed in PSBL, see http://psbl.surriel.com/listing?ip=76.13.13.86;

I presume I am doing something silly.  Can someone please put me
straight?  (Postfix 2.4.6)

Ed W

Reply | Threaded
Open this post in threaded view
|

Re: Failing to match subdomains in check_client_access

Magnus Bäck
On Thursday, July 10, 2008 at 13:22 CEST,
     Ed W <[hidden email]> wrote:

> I am trying to whitelist some tricky servers that I don't want to block
> using my RBL choices.  Lets pretend it's yahoo for the sake or argument
> and that they have server names like
>
> check_client_access    hash:/etc/postfix/rbl_client_exceptions,
>
> this contains:
> .yahoo.com OK
>
> I then postmap it, but later on I see blocked by my RBL (which is listed
> later in my restrictions list):

Unless you have removed smtpd_access_maps from
parent_domain_matches_subdomains this is the wrong lookup key.
See the fine print of access(5).

     domain.tld
          Matches domain.tld as  the  domain  part  of  an  email
          address.

          The pattern domain.tld  also  matches  subdomains,  but
          only when the string smtpd_access_maps is listed in the
          Postfix parent_domain_matches_subdomains  configuration
          setting  (note  that  this is the default for some ver-
          sions  of  Postfix).   Otherwise,  specify  .domain.tld
          (note the initial dot) in order to match subdomains.

--
Magnus Bäck
[hidden email]