regular access file vs CIDR

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

regular access file vs CIDR

Stan Hoeppner
What changes would I need to make in order to start using CIDR notation
in my access file?  I'm currently using the standard hashed access file.
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Henrik K
On Thu, Aug 07, 2008 at 01:36:08PM -0500, Stan Hoeppner wrote:
> What changes would I need to make in order to start using CIDR notation  
> in my access file?  I'm currently using the standard hashed access file.

http://www.postfix.org/documentation.html

Lookup table overview --> http://www.postfix.org/DATABASE_README.html

All Postfix lookup tables are specified as "type:table", where "type" is one
of the database types described under "Postfix lookup table types" at the
end of this document ...

cidr
A table that associates values with Classless Inter-Domain Routing
(CIDR) patterns. The table format is described in cidr_table(5).

http://www.postfix.org/cidr_table.5.html

Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Stan Hoeppner
Henrik K wrote:

> On Thu, Aug 07, 2008 at 01:36:08PM -0500, Stan Hoeppner wrote:
>> What changes would I need to make in order to start using CIDR notation  
>> in my access file?  I'm currently using the standard hashed access file.
>
> http://www.postfix.org/documentation.html
>
> Lookup table overview --> http://www.postfix.org/DATABASE_README.html
>
> All Postfix lookup tables are specified as "type:table", where "type" is one
> of the database types described under "Postfix lookup table types" at the
> end of this document ...
>
> cidr
> A table that associates values with Classless Inter-Domain Routing
> (CIDR) patterns. The table format is described in cidr_table(5).
>
> http://www.postfix.org/cidr_table.5.html

That really didn't answer my question.  I guess I need to be more specific:

Is the CIDR file a plain text flat file?  Do I need to run any commands
against it to do the binary conversions or is that something Postfix
does automatically on the fly?

I'm a bit confused because I'm "coming from" using a hashed db file.
The documentation doesn't state what the actual file type of a CIDR file
is, it just says it's not in dbm or db format:

The  Postfix  mail  system  uses  optional  lookup tables.
        These tables are usually in dbm or  db  format.   Alterna-
        tively,  lookup tables can be specified in CIDR (Classless
        Inter-Domain Routing) form.


I.e., can I just edit my access file, converting the dotted doubles,
triples, and quads to CIDR slash notation, and use it as my CIDR file?

Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Rich Shepard
On Thu, 7 Aug 2008, Stan Hoeppner wrote:

> Is the CIDR file a plain text flat file?

Stan,

   Yes. A representative line:

222.111.0.0/12          550 Rejected IP address.

> Do I need to run any commands against it to do the binary conversions or
> is that something Postfix does automatically on the fly?

   Yes:

  check_client_access cidr:/etc/postfix/badip,

> I.e., can I just edit my access file, converting the dotted doubles, triples,
> and quads to CIDR slash notation, and use it as my CIDR file?

   Yup. That's what I did.

Rich

--
Richard B. Shepard, Ph.D.               |  Integrity            Credibility
Applied Ecosystem Services, Inc.        |            Innovation
<http://www.appl-ecosys.com>     Voice: 503-667-4517      Fax: 503-667-8863
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Henrik K
In reply to this post by Stan Hoeppner
On Thu, Aug 07, 2008 at 05:16:59PM -0500, Stan Hoeppner wrote:

>
> That really didn't answer my question.  I guess I need to be more specific:
>
> Is the CIDR file a plain text flat file?  Do I need to run any commands  
> against it to do the binary conversions or is that something Postfix  
> does automatically on the fly?
>
> I'm a bit confused because I'm "coming from" using a hashed db file. The
> documentation doesn't state what the actual file type of a CIDR file is,
> it just says it's not in dbm or db format:
>
> The  Postfix  mail  system  uses  optional  lookup tables.
>        These tables are usually in dbm or  db  format.   Alterna-
>        tively,  lookup tables can be specified in CIDR (Classless
>        Inter-Domain Routing) form.
>
>
> I.e., can I just edit my access file, converting the dotted doubles,  
> triples, and quads to CIDR slash notation, and use it as my CIDR file?

There is no mention of "based on hashing" or "Database files are created
with xxx command" in table type list. So it's used plain text as is.

Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Stan Hoeppner
In reply to this post by Rich Shepard
Rich Shepard wrote:
> On Thu, 7 Aug 2008, Stan Hoeppner wrote:
>
>> Is the CIDR file a plain text flat file?
>
> Stan,
>
>   Yes. A representative line:
>
> 222.111.0.0/12          550 Rejected IP address.

Thank you.  I knew what it's supposed to look like on the inside to
start out with.  I was just unsure if it needed to look like something
else before being ingested by Postfix.

>> Do I need to run any commands against it to do the binary conversions or
>> is that something Postfix does automatically on the fly?
>
>   Yes:
>
>     check_client_access cidr:/etc/postfix/badip,

Oh, heheh.  No, I meant like do I need to be running postmap on it from
the command line kinda scenario, like with the access file.

>> I.e., can I just edit my access file, converting the dotted doubles,
>> triples, and quads to CIDR slash notation, and use it as my CIDR file?
>
>   Yup. That's what I did.

Again, thanks much Rich.
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Stan Hoeppner
In reply to this post by Henrik K
Henrik K wrote:
> There is no mention of "based on hashing" or "Database files are created
> with xxx command" in table type list. So it's used plain text as is.

Thank you for the confirmation Henrik.  I'd rather be slapped with a
trout for asking a 'stupid' question than run over by a bus for making
an assumption. ;)

Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Rich Shepard
In reply to this post by Stan Hoeppner
On Thu, 7 Aug 2008, Stan Hoeppner wrote:

> Oh, heheh.  No, I meant like do I need to be running postmap on it from
> the command line kinda scenario, like with the access file.

Stan,

   Yes: postmap. I use a Makefile so each time I change anything in
/etc/postfix the proper builds are run. Here's my Makefile:

# Makefile for /etc/postfix

TARGETS := access.db badaddr.db badip.db helo_checks.db\
  virtual.db aliases.db major-aliases.db recipients.db .build.mark

all: $(TARGETS)
  /usr/sbin/postfix reload
  rm -f *~

aliases.db: aliases
  /usr/sbin/postalias aliases

major-aliases.db: major-aliases
  /usr/sbin/postalias major-aliases

virtual.db: virtual
  /usr/sbin/postmap hash:/etc/postfix/virtual

.build.mark: main.cf master.cf header_checks body_checks
  touch .build.mark

%.db: %
  /usr/sbin/postmap $<

Rich

--
Richard B. Shepard, Ph.D.               |  Integrity            Credibility
Applied Ecosystem Services, Inc.        |            Innovation
<http://www.appl-ecosys.com>     Voice: 503-667-4517      Fax: 503-667-8863
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Noel Jones-2
Rich Shepard wrote:

> On Thu, 7 Aug 2008, Stan Hoeppner wrote:
>
>> Oh, heheh.  No, I meant like do I need to be running postmap on it from
>> the command line kinda scenario, like with the access file.
>
> Stan,
>
>   Yes: postmap. I use a Makefile so each time I change anything in
> /etc/postfix the proper builds are run. Here's my Makefile:
>
> # Makefile for /etc/postfix
>
> TARGETS := access.db badaddr.db badip.db helo_checks.db\
>     virtual.db aliases.db major-aliases.db recipients.db .build.mark
>
> all: $(TARGETS)
>     /usr/sbin/postfix reload
>     rm -f *~
>
> aliases.db: aliases
>     /usr/sbin/postalias aliases
>
> major-aliases.db: major-aliases
>     /usr/sbin/postalias major-aliases
>
> virtual.db: virtual
>     /usr/sbin/postmap hash:/etc/postfix/virtual
>
> .build.mark: main.cf master.cf header_checks body_checks
>     touch .build.mark
>
> %.db: %
>     /usr/sbin/postmap $<
>
> Rich
>

No, you do not need to "postmap" cidr: or regexp: or pcre:
tables.  These are all just plain text files.  Postfix reads
in the plain text file and processes it internally.

/* comments:
Postmap will not return an error if you attempt to index a
table intended for cidr or regexp, but postfix will never use
the resulting .db file.
So while "postmap table.cidr" is unlikely to break anything,
all it does is waste your time.

Yes, a Makefile is a great way to manage your indexed files.
cidr tables are not indexed files.

(secret from the crypt: you might want to tell your Makefile
to postmap some *other* indexed file when a cidr/pcre/regexp
file changes.  Read the docs carefully to figure out why you
might want to do this.)
*/

--
Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

plist
In reply to this post by Stan Hoeppner
This is an answer from ANS Notification system

Bad response. Specify actionid, PIN, alarmid, entityid, ruleid and send a letter again. user=postfix users list <[hidden email]> entity=<UNKNOWN> alarm=0 action=UNKNOWN rule=0

 First 20 lines of your mail follows:
==================
Rich Shepard wrote:

> On Thu, 7 Aug 2008, Stan Hoeppner wrote:
>
>> Oh, heheh.  No, I meant like do I need to be running postmap on it from
>> the command line kinda scenario, like with the access file.
>
> Stan,
>
>   Yes: postmap. I use a Makefile so each time I change anything in
> /etc/postfix the proper builds are run. Here's my Makefile:
>
> # Makefile for /etc/postfix
>
> TARGETS := access.db badaddr.db badip.db helo_checks.db\
>     virtual.db aliases.db major-aliases.db recipients.db .build.mark
>
> all: $(TARGETS)
>     /usr/sbin/postfix reload
>     rm -f *~
>
==================

Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Rich Shepard
In reply to this post by Noel Jones-2
On Thu, 7 Aug 2008, Noel Jones wrote:

> No, you do not need to "postmap" cidr: or regexp: or pcre: tables.  These are
> all just plain text files.  Postfix reads in the plain text file and
> processes it internally.

   Thank you, Noel. That cleared it up for me, too.

Rich
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Ralf Hildebrandt
In reply to this post by Stan Hoeppner
* Stan Hoeppner <[hidden email]>:

> Is the CIDR file a plain text flat file?  Do I need to run any commands  
> against it to do the binary conversions or is that something Postfix does

flat file, no need to do anything

> I.e., can I just edit my access file, converting the dotted doubles,  
> triples, and quads to CIDR slash notation, and use it as my CIDR file?

Just don't forget to use cidr:/file instead of hash:/file

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
How many viruses must arrive before people realize,
that M$ is just not ready for the enterprise?
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

Ralf Hildebrandt
In reply to this post by Rich Shepard
* Rich Shepard <[hidden email]>:
> On Thu, 7 Aug 2008, Stan Hoeppner wrote:
>
>> Oh, heheh.  No, I meant like do I need to be running postmap on it from
>> the command line kinda scenario, like with the access file.
>
> Stan,
>
>   Yes: postmap.

No. You can't postmap cidr, pcre or regexp files. (You can use postmap
-q, though)

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
One morning I shot an elephant in my pyjamas. How he got into my pyjamas
I'll never know.  - Groucho Marx
Reply | Threaded
Open this post in threaded view
|

Re: regular access file vs CIDR

plist
In reply to this post by Stan Hoeppner
This is an answer from ANS Notification system

Bad response. Specify actionid, PIN, alarmid, entityid, ruleid and send a letter again. user=[hidden email] entity=<UNKNOWN> alarm=0 action=UNKNOWN rule=0

 First 20 lines of your mail follows:
==================
* Stan Hoeppner <[hidden email]>:

> Is the CIDR file a plain text flat file?  Do I need to run any commands  
> against it to do the binary conversions or is that something Postfix does

flat file, no need to do anything

> I.e., can I just edit my access file, converting the dotted doubles,  
> triples, and quads to CIDR slash notation, and use it as my CIDR file?

Just don't forget to use cidr:/file instead of hash:/file

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
How many viruses must arrive before people realize,
that M$ is just not ready for the enterprise?
==================