Loading ...
Sorry, an error occurred while loading the content.
 

Re: Restricting port 25 with cidr table

Expand Messages
  • Nikolaos Milas
    ... Hi Charles, I missed this mail. I never got any answer, yet I am pretty confident it will work. However, I will opt for the second method:
    Message 1 of 11 , Jan 31 2:05 AM
      On 26/1/2012 1:09 πμ, Charles Marcus wrote:

      >> However, we could formulate gwservers.cidr as (for example):
      >> >
      >> > xxx.xxx.xxx.xxx OK
      >> > xxx.xxx.xxx.xxx OK
      >> > 127.0.0.1 OK
      >> > xxxx:xxxx:xxxx:xxxx::xxxx:xxxx OK
      >> > xxxx:xxxx:xxxx:xxxx::xxxx OK
      >> > ::1 OK
      >> > 0.0.0.0/0 reject unauthorized client, please use our MX
      >> > ::/0 reject unauthorized client, please use our MX
      > Missed this... did you ever get an answer as to whether or not this
      > would work?
      >
      > Since the default 'final action' for postfix is accept not reject, I'd
      > rather not change that if unnecessary.

      Hi Charles,

      I missed this mail. I never got any answer, yet I am pretty confident it
      will work.

      However, I will opt for the second method:

      /etc/postfix/gwservers.cidr:
      xxx.xxx.xxx.xxx OK
      xxx.xxx.xxx.xxx OK
      127.0.0.1 OK
      xxxx:xxxx:xxxx:xxxx::xxxx:xxxx OK
      xxxx:xxxx:xxxx:xxxx::xxxx OK
      ::1 OK

      and
      smtpd_client_restrictions = check_client_access
      cidr:/etc/postfix/gwservers.cidr,reject

      If there is no match in the cidr lookup, there is no default implied
      accept, but the check moves to the next statement among those in
      smtpd_client_restrictions which in this case is a reject.

      I hope someone more experienced here can confirm this.

      All the best,
      Nick
    Your message has been successfully submitted and would be delivered to recipients shortly.