On 26/1/2012 1:09 AM, Charles Marcus wrote:

> > However, we could formulate gwservers.cidr as (for example):
> >     xxx.xxx.xxx.xxx   OK
> >     xxx.xxx.xxx.xxx   OK
> >     127.0.0.1         OK
> >     xxxx:xxxx:xxxx:xxxx::xxxx:xxxx   OK
> >     xxxx:xxxx:xxxx:xxxx::xxxx        OK
> >     ::1                              OK
> >     0.0.0.0/0         reject unauthorized client, please use our MX
> >     ::/0              reject unauthorized client, please use our MX
>
> Missed this... did you ever get an answer as to whether or not this
> would work?
>
> Since the default 'final action' for postfix is accept not reject, I'd
> rather not change that if unnecessary.

Hi Charles,

I missed this mail. I never got any answer, yet I am pretty confident it will work.

However, I will opt for the second method:

/etc/postfix/gwservers.cidr:
  xxx.xxx.xxx.xxx   OK
  xxx.xxx.xxx.xxx   OK
  127.0.0.1         OK
  xxxx:xxxx:xxxx:xxxx::xxxx:xxxx   OK
  xxxx:xxxx:xxxx:xxxx::xxxx        OK
  ::1                              OK

and
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/gwservers.cidr,reject

If there is no match in the cidr lookup, there is no default implied accept, but the check moves to the next statement among those in smtpd_client_restrictions which in this case is a reject.

I hope someone more experienced here can confirm this.

All the best,
Nick
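
The two formulations discussed in this thread, modelled side by side as an added example (not part of the original messages and not Postfix's own code). It assumes first-match CIDR lookup and left-to-right restriction evaluation; the function names are hypothetical, and 192.0.2.10 and 2001:db8::25 are constructed stand-ins for the masked gateway addresses.

```python
import ipaddress

# Constructed sample tables; the addresses replace the masked xxx entries.
TABLE_ALLOW_ONLY = """
192.0.2.10      OK
127.0.0.1       OK
2001:db8::25    OK
::1             OK
"""
TABLE_WITH_CATCHALL = TABLE_ALLOW_ONLY + """
0.0.0.0/0       reject unauthorized client, please use our MX
::/0            reject unauthorized client, please use our MX
"""

def parse_cidr_table(text):
    """Return ordered (network, action) pairs; order matters, first match wins."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern, strict=False), action))
    return rules

def check_client_access(rules, client):
    """Model of a cidr: lookup: the first matching rule's action, else DUNNO."""
    addr = ipaddress.ip_address(client)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return action
    return "DUNNO"

def evaluate(restrictions, client):
    """Walk one restriction list left to right.
    Each item is a parsed table or the literal string "reject"."""
    for item in restrictions:
        verdict = "REJECT" if item == "reject" else check_client_access(item, client)
        word = verdict.split()[0].upper()
        if word == "OK":
            return "permit"
        if word == "REJECT":
            return "reject"
        # DUNNO: no decision here, fall through to the next restriction
    return "undecided"  # list exhausted; later restriction classes decide
```

Both formulations reject a client that is not listed; with the allow-only table and no trailing `reject`, the same client leaves this restriction list undecided.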
