On Thu, Mar 21, 2024 at 03:20:23PM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
Wietse Venema via Postfix-users:
smtpd_discard_ehlo_keyword_address_maps =
cidr:{ {!10/8 silent-discard,dsn} }
On 23.02.24 11:12, Wietse Venema via Postfix-users wrote:
But that does not generalize to hosts with IPv4 and IPv6. In that case,
your approach will be more suitable.
On 3/21/2024 10:21 AM, Viktor Dukhovni via Postfix-users wrote:
Surely the generalisation is:
smtpd_discard_ehlo_keyword_address_maps =
cidr:{
{if 0.0.0.0/0}
# Private IPv4 addresses
{!10.0.0.0/8 silent-discard,dsn}
On 21.03.24 11:06, Noel Jones via Postfix-users wrote:
Seems to me 172. and 192. would match the above line.
Does cidr support DUNNO?
CIDR should, but smtpd_discard_ehlo_keyword_address_maps would understand it
as drop "DUNNO" kwyerd. That's why I used plain "silent-discard" in my
example instead.
{!172.16.0.0/12 silent-discard,dsn}
{!192.168.0.0/16 silent-discard,dsn}
I understand this as any address outside 10/8 would match the first
!10.0.0.0/8, adress in 10/8 would match the second !172.16.0.0/12 thus
third line would never be tried and all addresses would return
"silent-discard,dsn" like this:
{if 0.0.0.0/0}
# Private IPv4 addresses
{10.0.0.0/8 silent-discard}
{172.16.0.0/12 silent-discard}
{192.168.0.0/16 silent-discard}
{0.0.0.0/0 silent-discard,dsn}
{endif}
{endif}
{if ::/0}
# Unique local, site and link local IPv6 addresses
{!fc00::/7 silent-discard,dsn}
{!fe80::/9 silent-discard,dsn}
{endif}
}
Each set of negative rules can be constrained to its address family by
enclosing it in an if..endif block.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
