Re: Assistance with check_helo_access domain matching please

• Previous message: Magnus Bäck: "Re: Postfix Restriction class not working properly"
• Maybe in reply to: Geoff W: "Assistance with check_helo_access domain matching please"
• Next in thread: Geoff W: "Re: Assistance with check_helo_access domain matching please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tuesday, August 01, 2006 at 10:57 CEST,
     Geoff W <> wrote:

> I'm using reject_unknown_helo_hostname and I'm aware that not all
> genuine mail relays have a valid DNS entry for their HELO name so I
> have a check_helo_access table.
> smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/allow_helos, reject_invalid_helo_hostname, reject_unknown_helo_hostname
>
> My interpreatation of access(5) is that I can use a dot prefix for
> entries in the hash table and postfix will then accept all subdomains
> for the domain name given. Thus I have
> .ispmail.ntl.com OK
> in order to accept all mail from mtaout01-winn.ispmail.ntl.com,
> mtaout02-winn.ispmail.ntl.com, etc.

This is only true if smtpd_access_maps is NOT listed in
parent_domain_matches_subdomains. By default it IS listed,
and in that case example.com matches example.com and all
subdomains thereof.

So, either remove smtpd_access_maps from
parent_domain_matches_subdomains or remove the leading dot
from the lookup keys.

[...]

-- 
Magnus Bäck

• Previous message: Magnus Bäck: "Re: Postfix Restriction class not working properly"
• Maybe in reply to: Geoff W: "Assistance with check_helo_access domain matching please"
• Next in thread: Geoff W: "Re: Assistance with check_helo_access domain matching please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]