On 11/05/2010 01:26 AM, Vincent Lefevre wrote:
> On 2010-11-04 19:06:57 -0500, Stan Hoeppner wrote:
>> check_client_access pcre:/etc/postfix/filter.pcre
>> check_sender_access pcre:/etc/postfix/filter.pcre
>> check_recipient_access pcre:/etc/postfix/filter.pcre
>>
>> As you can see, this is defined by the smtpd_foo_restriction you target
>> the PCRE table with. What is checked against the table is dependent on
>> the restriction used. Read the documentation for each check_*_access
>> restriction above at: http://www.postfix.org/postconf.5.html
>
> On this page, it is said:
>
> check_client_access type:table
> Search the specified access database for the client hostname,
>                                              ^^^^^^^^^^^^^^^
> parent domains, client IP address, or networks obtained by
>                 ^^^^^^^^^^^^^^^^^
> stripping least significant octets. See the access(5) manual page
> for details.
>
> And in the access(5) manual page:
>
> Depending on the application, that string is an entire client
> hostname, an entire client IP address, or an entire mail address.
>
> So, which string is checked when a pcre table is used with
> check_client_access? The client hostname or the client IP address?
*REGULAR EXPRESSION TABLES*
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
see *regexp_table*(5) <http://www.postfix.org/regexp_table.5.html>
or *pcre_table*(5) <http://www.postfix.org/pcre_table.5.html>.

Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the
application, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
/u...@domain/ mail addresses are not broken up into their
/user@/ and /domain/ constituent parts, nor is /user+foo/ broken
up into /user/ and /foo/.

Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.

Actions are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as *$1*, *$2* and so on.
I copied the entire section detailing PCRE access matches for you, since
you seem unable to find it.
How many domain names look like IP addresses to you?
If check_client_access matches against both IPs and hostnames, then your
regex table will match against both IPs and hostnames.
Also read http://www.postfix.org/pcre_table.5.html for more detail on
PCRE maps.
--
J.
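
Added example, not part of the original thread: a simplified Python model of the lookup discussed above, assuming check_client_access looks up the client hostname and then the client IP address, each as a whole string, against the same ordered pattern list. The table contents, host names and addresses are constructed, and Python's re module stands in for PCRE.

```python
import re

# Constructed sample table in pcre_table(5) style: /pattern/ action
SAMPLE_TABLE = r"""
/^192\.0\.2\.\d+$/          REJECT blocked network
/^mail\d*\.example\.org$/   OK
/\d+-\d+-\d+-\d+\./         REJECT dynamic-looking name
/^10\./                     REJECT loosely anchored address pattern
"""

def parse_table(text):
    """Parse '/pattern/ action' lines (no flags, no if/endif blocks)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(.*)$", line)
        if m is None:
            raise ValueError(f"unsupported line: {line!r}")
        # pcre_table(5): matching is case-insensitive by default
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, key):
    """Apply patterns in table order to the entire key; first match wins."""
    for pattern, action in rules:
        if pattern.search(key):
            return action
    return None

def check_client_access(rules, hostname, address):
    """Assumed model: try the hostname, then the address; no parent
    domain or parent network keys are generated for regex tables."""
    for key in (hostname, address):
        action = lookup(rules, key)
        if action is not None:
            return key, action
    return None, None

RULES = parse_table(SAMPLE_TABLE)

if __name__ == "__main__":
    for name, addr in [("host.example.net", "192.0.2.10"),
                       ("203-0-113-7.dsl.example.net", "203.0.113.7"),
                       ("10.example.com", "198.51.100.5")]:
        print(name, addr, "->", check_client_access(RULES, name, addr))
```

The last sample pair shows a pattern written with addresses in mind matching a hostname instead, which is why address patterns in a shared table should be anchored at both ends. A real table can be queried one string at a time with `postmap -q "string" pcre:/etc/postfix/filter.pcre`.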