On Tue, Oct 2, 2012 at 9:20 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Nope. If you were testing this more carefully then you would have > found that upper or lower case does not matter in this context. I tested the exact same line with PERMIT and permit. permit allowed the whitelist entry to work. PERMIT generates a warning. Oct 2 14:40:42 mx10 postfix/postscreen[3395]: warning: cidr:/etc/postfix/postscreen_access: unknown command: PERMIT -- ignoring the remainder of this access list I verified it again today, with a postfix restart between the change to the file /etc/postfix/postscreen_access I have a DNSBL with bind for testing and added my desktop's IP (changed to 111.222.333.444 in this email). Then I telnet port 25 to postfix and attempt to deliver a message. With PERMIT: $ telnet mx10 25 Trying XXX.YYY.201.19... Connected to mx10.example.com. Escape character is '^]'. 220-mx10.example.com ESMTP Postfix 220 mx10.example.com ESMTP Postfix HELO mydesktop.example.com 250 mx10.example.com MAIL FROM:j...@example.com 250 2.1.0 Ok RCPT TO:john....@example.com 550 5.7.1 Service unavailable; client [111.222.333.444] blocked using dnsbl.example.com quit This triggers a line in the log: Oct 3 09:22:30 mx10 postfix/postscreen[31857]: warning: cidr:/etc/postfix/postscreen_access: unknown command: PERMIT -- ignoring the remainder of this access list If I edit postscreen_access to change PERMIT to permit, restart postfix, it does not show the block error above, but hands it off to smtpd. :set list in vi shows there are no trailing characters in the line, and only tabs between the IP and permit/PERMIT This is postfix 2.9.4-20120801 If there is something I can do to trace, or recompile with a test result written to log, I'll do it.
