On 2/2/2013 3:50 PM, Viktor Dukhovni wrote:
> On Sat, Feb 02, 2013 at 03:34:30PM -0600, Stan Hoeppner wrote:
>
>> check_client_access pcre:/etc/postfix/client_access
>> ...
>>
>> /etc/postfix/client_access:
>> /.*facebook\.com$/ permit
>
> This is not robust for two reasons, the first is a simple oversight,
> replace:

It wasn't intended to be robust Viktor, but quite the opposite.

> /.*facebook\.com$/ permit
>
> with
>
> /\.facebook\.com$/ permit
>
> since "notfacebook.com" is not "facebook.com" and any SMTP client
> in the real facebook.com domain would be a proper sub-domain.

I guess you missed what came directly after that...

On 2/2/2013 3:08 PM, Stan Hoeppner wrote:
> You may want to be more specific. I made my example very generic as
> your expression above seems to miss some of their outbound host rdns,
> such as: outappmail004.snc4.facebook.com

Sometimes, when a kid asks for an apple, it's better to give him a rotten one, so as to teach him to pick his own fresh apples from the tree. I.e. I gave him a rotten example of a regex hoping/assuming he'd do some legwork and create his own set of fully qualified expressions to meet his needs.

-- 
Stan
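The two expressions quoted in this message, compared side by side as an added example that is not part of either poster's text. It uses Python's `re` module as a stand-in for the Postfix PCRE table lookup (unanchored search, case-insensitive as pcre tables are by default); the function names and all sample hostnames except `outappmail004.snc4.facebook.com` are constructed for illustration.

```python
import re

# Assumption: Python's re stands in for Postfix's PCRE engine. Both treat
# these patterns the same way: unanchored search, and Postfix pcre tables
# are case-insensitive unless the flag is turned off.
FLAGS = re.IGNORECASE

PATTERNS = {
    "generic": re.compile(r".*facebook\.com$", FLAGS),   # /.*facebook\.com$/
    "anchored": re.compile(r"\.facebook\.com$", FLAGS),  # /\.facebook\.com$/
}

# Sample client hostnames. Only the first appears in the thread; the rest
# are constructed to exercise the edge cases.
SAMPLE_HOSTS = [
    "outappmail004.snc4.facebook.com",  # real sub-domain host from the thread
    "facebook.com",                     # bare domain, no leading label
    "notfacebook.com",                  # different domain sharing the suffix
    "facebook.com.mail.example",        # suffix appears, but not at the end
]


def permitted(pattern_name, hostname):
    """Return True if the named pattern would yield 'permit' for hostname."""
    return PATTERNS[pattern_name].search(hostname) is not None


def compare(hosts=SAMPLE_HOSTS):
    """Map each hostname to (generic_result, anchored_result)."""
    return {h: (permitted("generic", h), permitted("anchored", h)) for h in hosts}


if __name__ == "__main__":
    print(f"{'client hostname':<34}{'generic':<10}{'anchored'}")
    for host, (generic, anchored) in compare().items():
        print(f"{host:<34}{str(generic):<10}{anchored}")
```

The leading `\.` is what separates the two: it rejects `notfacebook.com`, and it also rejects the bare `facebook.com`, which only matters if a client's reverse name is the bare domain.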