[pfx] Re: postscreen_access_list limitations?

[Greg Klanderman via Postfix-users]

>>>>> On April 13, 2025 Viktor Dukhovni via Postfix-users 
>>>>> <postfix-users@postfix.org> wrote:

> On Sun, Apr 13, 2025 at 08:12:26PM -0400, Greg Klanderman via Postfix-users 
> wrote:
>> Am I not able to match on the client FQDN in postscreen_access_list?
>> I.e. using a hash: table?

> This has little to do with hash tables, but as documented in
> https://www.postfix.org/postconf.5.html#postscreen_access_list the only
> supported lookup key is the full IP address, table lookups happen prior
> to any DNS resolution.

I guess I'd argue this could be a bit clearer, and probably also
mentioned in POSTSCREEN_README.html.

And anyway seems like a premature optimization.

>> I was hoping I could kill .ip.linodeusercontent.com and other such
>> garbage very early/quickly and just switched to using postscreen to
>> implement that..

> If you know the associated CIDR blocks, you can use a CIDR table.

Just a lot more work when I could easily match against the hostname.

>> Is the only option to turn off smtpd_delay_reject and use
>> smtpd_client_restrictions?

> That's an option, or just accept the fact that rejects will happen
> at RCPT TO, and you'll get better logging of the client HELO, sender
> and recipient address for any rejected messages.

I was hoping to get all this garbage out of my postfix (proper) logs,
but I can spend a bit more time on log postprocessing I suppose.

thanks,
Greg
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org