smtpd_client_restriction map in CIDR?


smtpd_client_restriction map in CIDR?

Gary Aitken
I had the impression a map could contain client addresses in CIDR
notation, but apparently not.  Is there a way to make restrictions
using CIDR notation?

Here's what I was trying to do:

smtpd_client_restrictions =
   permit_mynetworks
   check_client_access hash:/etc/postfix/ok_client
   reject

/etc/postfix/ok_client:
209.85.128.0/17   OK

$ ls -lt ok_client*
-rw-r--r-- 1 root root 12288 Feb 19 16:35 ok_client.db
-rw-r--r-- 1 root root   700 Feb 19 16:35 ok_client

mail.log:
23551  >>> START Client host RESTRICTIONS <<<
23552  generic_checks: name=permit_mynetworks
23571  check_addr_access: 209.85.217.52
23572  maps_find: hash:/etc/postfix/ok_client: 209.85.217.52: not found
23573  maps_find: hash:/etc/postfix/ok_client: 209.85.217: not found
23574  maps_find: hash:/etc/postfix/ok_client: 209.85: not found
23575  maps_find: hash:/etc/postfix/ok_client: 209: not found

$ postmap -q 209.85.217.52 hash:ok_client
$ postmap -q 209.85 hash:ok_client
$ postmap -q 209.85.128.0 hash:ok_client
$ postmap -q 209.85.128.0/17 hash:ok_client
OK

Gary

Re: smtpd_client_restriction map in CIDR?

Matthias Kneer
Hi Gary,

> Is there a way to make restrictions using CIDR notation?

Yes - just replace hash with cidr, like this:

  smtpd_client_restrictions =
    permit_mynetworks
    check_client_access cidr:/etc/postfix/ok_client
    reject

More details: http://www.postfix.org/cidr_table.5.html

Best regards,
Matthias

On 19.02.2021 21:01, Gary Aitken wrote:

> I had the impression a map could contain client addresses in CIDR
> notation, but apparently not.  Is there a way to make restrictions
> using CIDR notation?
>
> Here's what I was trying to do:
>
> smtpd_client_restrictions =
>   permit_mynetworks
>   check_client_access hash:/etc/postfix/ok_client
>   reject
>
> /etc/postfix/ok_client:
> 209.85.128.0/17   OK
>
> $ ls -lt ok_client*
> -rw-r--r-- 1 root root 12288 Feb 19 16:35 ok_client.db
> -rw-r--r-- 1 root root   700 Feb 19 16:35 ok_client
>
> mail.log:
> 23551  >>> START Client host RESTRICTIONS <<<
> 23552  generic_checks: name=permit_mynetworks
> 23571  check_addr_access: 209.85.217.52
> 23572  maps_find: hash:/etc/postfix/ok_client: 209.85.217.52: not found
> 23573  maps_find: hash:/etc/postfix/ok_client: 209.85.217: not found
> 23574  maps_find: hash:/etc/postfix/ok_client: 209.85: not found
> 23575  maps_find: hash:/etc/postfix/ok_client: 209: not found
>
> $ postmap -q 209.85.217.52 hash:ok_client
> $ postmap -q 209.85 hash:ok_client
> $ postmap -q 209.85.128.0 hash:ok_client
> $ postmap -q 209.85.128.0/17 hash:ok_client
> OK
>
> Gary

Re: smtpd_client_restriction map in CIDR?

Benny Pedersen-2
In reply to this post by Gary Aitken
On 2021-02-19 21:01, Gary Aitken wrote:

> $ postmap -q 209.85.217.52 hash:ok_client
> $ postmap -q 209.85 hash:ok_client
> $ postmap -q 209.85.128.0 hash:ok_client
> $ postmap -q 209.85.128.0/17 hash:ok_client
> OK

change hash to cidr, and try again

Re: smtpd_client_restriction map in CIDR?

Wietse Venema
In reply to this post by Gary Aitken
Gary Aitken:
> I had the impression a map could contain client addresses in CIDR
> notation, but apparently not.  Is there a way to make restrictions
> using CIDR notation?

Postfix CIDR maps support CIDR. I don't understand how one
would implement CIDR lookup keys in a hash: map.

        Wietse

> Here's what I was trying to do:
>
> smtpd_client_restrictions =
>    permit_mynetworks
>    check_client_access hash:/etc/postfix/ok_client
>    reject
>
> /etc/postfix/ok_client:
> 209.85.128.0/17   OK
>
> $ ls -lt ok_client*
> -rw-r--r-- 1 root root 12288 Feb 19 16:35 ok_client.db
> -rw-r--r-- 1 root root   700 Feb 19 16:35 ok_client
>
> mail.log:
> 23551  >>> START Client host RESTRICTIONS <<<
> 23552  generic_checks: name=permit_mynetworks
> 23571  check_addr_access: 209.85.217.52
> 23572  maps_find: hash:/etc/postfix/ok_client: 209.85.217.52: not found
> 23573  maps_find: hash:/etc/postfix/ok_client: 209.85.217: not found
> 23574  maps_find: hash:/etc/postfix/ok_client: 209.85: not found
> 23575  maps_find: hash:/etc/postfix/ok_client: 209: not found
>
> $ postmap -q 209.85.217.52 hash:ok_client
> $ postmap -q 209.85 hash:ok_client
> $ postmap -q 209.85.128.0 hash:ok_client
> $ postmap -q 209.85.128.0/17 hash:ok_client
> OK
>
> Gary
>

Re: smtpd_client_restriction map in CIDR? (Thanks & suggestion)

Gary Aitken
On 2/19/21 1:51 PM, Wietse Venema wrote:

> Postfix CIDR maps support CIDR. I don't understand how one
> would implement CIDR lookup keys in a hash: map.

me either, thanks and to others who replied also

It would be handy if postmap hash:foo printed a warning if it encountered
CIDR or any other problematic entry.

BTW, the index of the postfix book entry for CIDR is missing pp 45

Gary
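
Added example (not part of the thread and not Postfix code): a Python model of why the hash: lookup in the mail.log excerpt misses while a cidr: table matches, plus the kind of pre-postmap check Gary suggests. The function names are hypothetical, only IPv4 is modelled, and the sample map is the single entry from the original post.

```python
import ipaddress

# The one entry from /etc/postfix/ok_client in the original post.
OK_CLIENT = "209.85.128.0/17   OK\n"

def parse_map(text):
    """Parse 'key value' lines, skipping blank lines and # comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            entries.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return entries

def hash_lookup_keys(client_ip):
    """Keys tried against an indexed map for an IPv4 client, in the order
    shown by the maps_find lines in the mail.log excerpt."""
    octets = client_ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def hash_lookup(entries, client_ip):
    """Exact-string lookup of each candidate key; no prefix-length logic."""
    table = dict(entries)
    for key in hash_lookup_keys(client_ip):
        if key in table:
            return table[key]
    return None

def cidr_lookup(entries, client_ip):
    """Network match, first matching pattern in file order wins."""
    addr = ipaddress.ip_address(client_ip)
    for key, value in entries:
        if addr in ipaddress.ip_network(key):
            return value
    return None

def lint_hash_map(entries):
    """Return keys in network/prefix form, which a client-address lookup
    against an indexed map never generates."""
    flagged = []
    for key, _ in entries:
        if "/" in key:
            try:
                ipaddress.ip_network(key, strict=False)
            except ValueError:
                continue  # not an address pattern; leave it alone
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    entries = parse_map(OK_CLIENT)
    print("hash:", hash_lookup(entries, "209.85.217.52"))
    print("cidr:", cidr_lookup(entries, "209.85.217.52"))
    print("flagged for hash:", lint_hash_map(entries))
```

With `reject` as the final restriction, a key that is stored but never matched fails closed: the intended clients are rejected rather than anything extra being permitted.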