Loading ...
Sorry, an error occurred while loading the content.

Odd table lookup problem

Expand Messages
  • Joshua M Thompson
    I m seeing something strange that totally has me stumped. I m using a CIDR map as input to check_client_access in my sender and recipient restrictions. It s
    Message 1 of 6 , Aug 31 12:00 PM
    • 0 Attachment
      I'm seeing something strange that totally has me stumped. I'm using a
      CIDR map as input to check_client_access in my sender and recipient
      restrictions. It's mostly running fine, but for certain clients
      (including our backup MXs) I'm seeing a lot of this in the logs:

      Aug 31 14:53:43 xxxxxx postfix/smtpd[18848]: warning:
      cidr:/etc/postfix/client_access.cidr: table lookup problem

      Aug 31 14:53:43 xxxxxx postfix/smtpd[18848]: NOQUEUE: reject: RCPT from
      unknown[x.x.x.x]: 451 4.3.5 <unknown[x.x.x.x]>: Client host rejected:
      Server configuration error; from=<user@...> to=<someone@...>
      proto=ESMTP helo=<client.domain.com>

      The file itself is 100% fine, and postmap -q works just great on it when
      I try these client IPs by hand. I've read the cidr_table man page a
      million times and done a lot of web searching and I can't find anything
      mentioning what a table lookup problem on a CIDR table implies.

      Any ideas?

      --
      Joshua M Thompson <funaho@...>
    • Joshua M Thompson
      ... Er, make that sender and CLIENT restrictions. -- Joshua M Thompson
      Message 2 of 6 , Aug 31 12:03 PM
      • 0 Attachment
        On Thu, 2006-08-31 at 15:00 -0400, Joshua M Thompson wrote:
        > I'm seeing something strange that totally has me stumped. I'm using a
        > CIDR map as input to check_client_access in my sender and recipient
        > restrictions. It's mostly running fine, but for certain clients

        Er, make that sender and CLIENT restrictions.

        --
        Joshua M Thompson <funaho@...>
      • Victor Duchovni
        ... This is a left-over dict_errno from a previous table lookup error. It looks like dict_cidr_lookup() is missing a dict_errno = 0; initialization, so a
        Message 3 of 6 , Aug 31 12:23 PM
        • 0 Attachment
          On Thu, Aug 31, 2006 at 03:00:50PM -0400, Joshua M Thompson wrote:

          > I'm seeing something strange that totally has me stumped. I'm using a
          > CIDR map as input to check_client_access in my sender and recipient
          > restrictions. It's mostly running fine, but for certain clients
          > (including our backup MXs) I'm seeing a lot of this in the logs:
          >
          > Aug 31 14:53:43 xxxxxx postfix/smtpd[18848]: warning:
          > cidr:/etc/postfix/client_access.cidr: table lookup problem
          >

          This is a left-over "dict_errno" from a previous table lookup error.
          It looks like dict_cidr_lookup() is missing a "dict_errno = 0;"
          initialization, so a CIDR lookup right after a previous failed lookup
          in some other table may appear to fail.

          If I am not mistaken the fix is:

          Index: util/dict_cidr.c
          --- util/dict_cidr.c 15 Jul 2006 20:26:51 -0000 1.1.1.1
          +++ util/dict_cidr.c 31 Aug 2006 19:22:39 -0000
          @@ -75,6 +75,7 @@
          DICT_CIDR *dict_cidr = (DICT_CIDR *) dict;
          DICT_CIDR_ENTRY *entry;

          + dict_errno = 0;
          if (msg_verbose)
          msg_info("dict_cidr_lookup: %s: %s", dict->name, key);


          --
          Viktor.

          Disclaimer: off-list followups get on-list replies or get ignored.
          Please do not ignore the "Reply-To" header.

          To unsubscribe from the postfix-users list, visit
          http://www.postfix.org/lists.html or click the link below:
          <mailto:majordomo@...?body=unsubscribe%20postfix-users>

          If my response solves your problem, the best way to thank me is to not
          send an "it worked, thanks" follow-up. If you must respond, please put
          "It worked, thanks" in the "Subject" so I can delete these quickly.
        • Sandy Drobic
          ... In 95% a server configuration error means you have a typo in your configuration file. Sandy
          Message 4 of 6 , Aug 31 12:24 PM
          • 0 Attachment
            Joshua M Thompson wrote:
            > I'm seeing something strange that totally has me stumped. I'm using a
            > CIDR map as input to check_client_access in my sender and recipient
            > restrictions. It's mostly running fine, but for certain clients
            > (including our backup MXs) I'm seeing a lot of this in the logs:
            >
            > Aug 31 14:53:43 xxxxxx postfix/smtpd[18848]: warning:
            > cidr:/etc/postfix/client_access.cidr: table lookup problem
            >
            > Aug 31 14:53:43 xxxxxx postfix/smtpd[18848]: NOQUEUE: reject: RCPT from
            > unknown[x.x.x.x]: 451 4.3.5 <unknown[x.x.x.x]>: Client host rejected:
            > Server configuration error; from=<user@...> to=<someone@...>
            > proto=ESMTP helo=<client.domain.com>

            In 95% a "server configuration error" means you have a typo in your
            configuration file.

            Sandy
          • Wietse Venema
            ... You re not mistaken. Other map lookups do reset dict_errno, including the proxymap client. Wietse
            Message 5 of 6 , Aug 31 1:41 PM
            • 0 Attachment
              Victor Duchovni:
              > On Thu, Aug 31, 2006 at 03:00:50PM -0400, Joshua M Thompson wrote:
              >
              > > I'm seeing something strange that totally has me stumped. I'm using a
              > > CIDR map as input to check_client_access in my sender and recipient
              > > restrictions. It's mostly running fine, but for certain clients
              > > (including our backup MXs) I'm seeing a lot of this in the logs:
              > >
              > > Aug 31 14:53:43 xxxxxx postfix/smtpd[18848]: warning:
              > > cidr:/etc/postfix/client_access.cidr: table lookup problem
              > >
              >
              > This is a left-over "dict_errno" from a previous table lookup error.
              > It looks like dict_cidr_lookup() is missing a "dict_errno = 0;"
              > initialization, so a CIDR lookup right after a previous failed lookup
              > in some other table may appear to fail.
              >
              > If I am not mistaken the fix is:

              You're not mistaken. Other map lookups do reset dict_errno, including
              the proxymap client.

              Wietse
            • Tony Earnshaw
              ... Don t use cidr tables for sender restrictions, since senders are always envelope senders, never networks. --Tonni -- Tony Earnshaw reservebergenser
              Message 6 of 6 , Sep 1, 2006
              • 0 Attachment
                to den 31.08.2006 Klokka 15:03 (-0400) skreiv Joshua M Thompson:

                > On Thu, 2006-08-31 at 15:00 -0400, Joshua M Thompson wrote:
                > > I'm seeing something strange that totally has me stumped. I'm using a
                > > CIDR map as input to check_client_access in my sender and recipient
                > > restrictions. It's mostly running fine, but for certain clients
                >
                > Er, make that sender and CLIENT restrictions.

                Don't use cidr tables for sender restrictions, since senders are always
                envelope senders, never networks.

                --Tonni

                --
                Tony Earnshaw
                reservebergenser
              Your message has been successfully submitted and would be delivered to recipients shortly.