I tried that method verbatim without success. Postfix is able to start without issue; however, it continues to reject the machines I am using to test access and denies them access.

Your recommendation, I believe, assigns the path and file designation to the variable cidr, which the next line then references. For some unknown reason it is not working as intended, though I would agree with you that it should work.

If I understand cidr_table(5) correctly, the first match is taken, so would an accept entry, as in the example below, allow the client to send?

Method 1
[root@relay01 postfix]# grep cidr main.cf
cidr = cidr:${config_directory}/
    mynetworks = ${cidr}mynetworks.cidr
#mynetworks = cidr:/etc/postfix/mynetworks.cidr
[root@relay01 postfix]# postconf | grep mynetwork
mynetworks = 127.0.0.0/8 10.148.17.0/24 [::1]/128 [fe80::%eth0]/64
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

Method 2
[root@relay01 postfix]# grep cidr main.cf
#cidr = cidr:${config_directory}/
#    mynetworks = ${cidr}mynetworks.cidr
mynetworks = cidr:/etc/postfix/mynetworks.cidr
[root@relay01 postfix]# postconf | grep mynetwork
mynetworks = cidr:/etc/postfix/mynetworks.cidr
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

[root@relay01 postfix]# more mynetworks.cidr
#IP and status required being (trusted:reject) required, though value is otherwise ignored.
10.147.1.31  trusted
10.147.1.32  trusted
10.147.1.38  trusted
10.147.11.0/24  trusted
10.147.11.11  reject

Looking at other options, would it be possible to use mysql with a table consisting of fields for IP and status, or is that not possible for the mynetworks property?

Thanks again for the help.





