On 10 Jul 2018, at 22:24 (-0400), Philip wrote:
I'm curious to know what I've done wrong with my client checks file.
I can reject a specific IP but it won't reject when I use net
blocks... format is listed below in client_checks.cf
Suggestions comments welcome.
Pick a table format and use it.
main.cf.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/client_checks.cf,
[...]
client_checks.cf.
5.0.0.0/8 REJECT We have not seen your IP Address before. Please
visit https://example.com?newip=5.0.0.0/8 to unblock your IP
That's CIDR format, not the domain/octet prefix form required for a
hashed access map.
See the man pages for access(5) and cidr_table(5) for the differences
and details, so you can pick one.
Also note: if you're going to reject all of 5.0.0.0/8 by default, you
might as well simplify and go with an overall default reject policy.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
