On Mon, Mar 16, 2020 at 09:06:00AM +0100, Robby Van Mieghem wrote:
> smtpd_client_restrictions =
> check_client_access cidr:${config_directory}/client_access,
> reject
>
> # EOP ranges as indicated by MS
> 23.103.132.0/22 OK
> 23.103.136.0/21 OK
> 23.103.156.0/22 OK
> 23.103.198.0/24 OK
> 23.103.200.0/22 OK
> 23.103.212.0/22 OK
Unsurpringly, this returns "OK" for the listed entries, and
no result otherwise, which then in "smtpd_client_restrictions"
falls through to "reject".
> Tried testing it also with:
>
> $ postmap -q "1.1.1.1" cidr:/etc/postfix-EOP2DC/client_access
>
> à no result
As expected, since "1.1.1.1" does not appear to be listed in the CIDR
table.
> So it generally allows every IP now...
No, that's not the right conclusion.
--
Viktor.
