Viktor Dukhovni:
>
> > On Feb 5, 2017, at 1:25 PM, James <[email protected]> wrote:
> >
> > I guess my basic question here is "does check_helo_access, or
> > check_helo_a_access, play nicely with cidr:table's when the helo/ehlo
> > command presents an address literal?"
>
> Support for cidr tables in check_helo_a_access applies only to domain names
> not to address literals.
>
> So it works when the "domain name" is just a dotted IPv4 string, but not
> when it is enclosed in [] as an address literal.
>
> Thus, with check_helo_a_access,
> EHLO 127.0.0.1
> will match a CIDR key of 127.0.0.0/8, but
> EHLO [127.0.0.1]
> will not.

According to source code, it would do CIDR lookups with
check_xxx_mx_access, but not with check_xxx_a_access.

That is an implementation oversight. Postfix 2.2 introduced
check_xx_mx_access and check_xx_ns_access. When support for
check_xx_a_access was added later, some condition was not updated.

Wietse

--- ./src/smtpd/smtpd_check.c- 2017-01-28 19:43:45.000000000 -0500
+++ ./src/smtpd/smtpd_check.c 2017-02-05 15:55:35.000000000 -0500
@@ -2957,7 +2957,7 @@
const char *bare_addr;
ssize_t len;
- if (type != T_MX)
+ if (type != T_A && type != T_MX)
return (SMTPD_CHECK_DUNNO);
len = strlen(domain);
if (domain[len - 1] != ']')
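
Review bot: The widened test "if (type != T_A && type != T_MX)" carries no comment saying which lookup types accept an address literal, and the message above attributes the bug to this very condition being missed when a new type was added. A one-line comment above the test, stating that only A and MX lookups handle a bracketed literal and that every other type returns SMTPD_CHECK_DUNNO, would make the next addition harder to get wrong. Separately, in the trailing context, "domain[len - 1]" indexes before the start of the string if domain can be empty at this point, so it is worth confirming that the code above this hunk has already established a leading "[".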