On Mon, May 03, 2010 at 07:51:30AM -0700, Gary Smith wrote:
> I have a need to migrate some IP's from a static file to a hash 
> file.  These are singleton IP's (hash CIDR's).  My understanding is 
> this is just a verification table, so as long as it exists (i.e. 
> returns any value) it's considered allowed if there is a match.  Is 
> this correct?

For a lookup of mynetworks, yes, the result is ignored.
    http://www.postfix.org/postconf.5.html#mynetworks

> i.e. would this be acceptable for this type of map?
> 10.20.0.2 ok
> 10.20.1.91 ok
> ...
> 
> We've found that some of the farm servers aren't updated with the 
> proper client IP's and reloading the service each time seems a 
> little overkill, and since we already have a process in place for 
> dumping the other maps to the servers every 5 minutes, I might as 
> well just add it there.

Sure, this is an improvement over what you had, but it seems strange 
to me that mynetworks would be changing frequently. Perhaps SASL AUTH 
is a better solution overall?
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
