On 12 Mar 2019, at 9:16, Vincent Lefevre wrote:
On 2019-03-12 08:49:28 -0400, Bill Cole wrote:
"0" is not an octet pair. Demo:
# cat accessdemo
2a04:5200:fff4:0 REJECT 554 trailing zero
2a04:5200:fff4:0000 REJECT 554 trailing octet pair zeros
2a04:5200:fff4 REJECT 554 NO trailing zero
# postmap hash:accessdemo
# postmap -q 2a04:5200:fff4:0000:0001:0000:0000:0001 accessdemo
# postmap -q 2a04:5200:fff4:0000:0001:0000:0000 accessdemo
# postmap -q 2a04:5200:fff4:0000:0001:0000 accessdemo
# postmap -q 2a04:5200:fff4:0000:0001 accessdemo
# postmap -q 2a04:5200:fff4:0000 accessdemo
REJECT 554 trailing octet pair zeros
# postmap -q 2a04:5200:fff4 accessdemo
REJECT 554 NO trailing zero
OK, so you mean that "0" must be written as "0000"?
Yes, if you need it to match (i.e. if it isn't just a placeholder.)
Then why does the access(5) man page say "The access map lookup key
must be in canonical form" while "0000" is not the canonical form?
I have no answer for that. All I know is what actually works.
The RFC definition of "canonical form" is arguably inconsistent with the
description of the required format for Postfix and its matching strategy
in the access(5) man page.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
