On Tue, Jan 16, 2024 at 02:28:50PM -0500, Alex via Postfix-users wrote:
In addition to other comments, beware sloppy and inappropriate use of
"regular" expressions:
> /etc/postfix-118/client_checks.pcre:
> /74\.203\.184\.40/ OK
This should be a "cidr:" table lookup instead, and should use
permit_auth_destination, instead of "OK".
74.203.184.40/32 permit_auth_destination
> /etc/postfix-118/sender_checks.pcre:
> /myclient\.com/ permit
This should not be a regular expression check at all:
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_sender_access ${indexed}sender_checks,
...
sender_checks:
myclient.com permit_auth_destination
.myclient.com permit_auth_destination
as written it allows:
- myclient.com@anydomain.example
- other-than-myclient.com@anydomain.example
- someuser@myclient.comcast
...
Correct use of regular expressions, which not only accepts all wanted
inputs, but also rejects allallunwanted inputs, is surprisingly rare.
Best practice is to avoid REs if at all possible, because you're likely
to use them incorrectly.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
