On 8/11/2016 11:01 AM, Richard Klingler wrote: > No...sorry for confusing...coming from the network world > I mean with prefix a subnet (or supernet speaking in the old class-A/B/C/D/E > IP address terms ;o) >
hash tables are searched by octet. For example, the entry 192.168 REJECT would block 192.168.*.* http://www.postfix.org/access.5.html For finer-grained control, use a cidr table. http://www.postfix.org/cidr_table.5.html > A perfect dynamic solution would be to have an external script launched > for each connection, which can lookup if a connecting IP address falls within > a prefix (subnet) stored on pgsql databse, and if there is a match, reject > the message. If you want an external process, you can use a policy service. But that's not necessary for what you've described so far. http://www.postfix.org/SMTPD_POLICY_README.html Or just use a pgsql table directly from postfix. > This way I won't have to do any postmap/postfix reload on the console > but feed the database directly from an own application. hash: type tables reload automatically and don't require a postfix reload. Database maps such as pgsql don't require a postfix reload. regexp/pcre and cidr table changes do require a postfix reload. (or you can cheat and touch an in-use hash: table instead) -- Noel Jones
