Am I really using a CIDR map?
in [Postfix]
|
Prev: smtpd_recipient_restrictions = check_recipient_access &sendmail
Next: Relay certain domains in the sender part by defined ip addresses
From: Robert Lopez on 6 Apr 2010 14:42 On Tue, Apr 6, 2010 at 12:33 PM, /dev/rob0 <rob0(a)gmx.co.uk> wrote: > On Tue, Apr 06, 2010 at 11:57:00AM -0600, Robert Lopez wrote: >> On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones <njones(a)megan.vbhcs.org> >> wrote: >> > On 4/6/2010 11:39 AM, Robert Lopez wrote: >> >> Why does postfix not like the source file being removed from the >> >> /etc/postfix directory? >> > >> > cidr tables are plain-text tables. The source file is the live >> > table data. The .db file is your mistake; cidr tables should not >> > be indexed with postmap. >> >> That surprises me. >> >> The man page seems to me to indicate otherwise. >> My confusion is with this sentence: >> "These tables are usually in dbm or db format." >> which is from the Description portion below... > > Yes, and it continues: > "Alternatively, lookup tables can be specified in CIDR ... form." > > Taken together, with emphasis added: > "These tables are USUALLY in dbm or db format. ALTERNATIVELY, lookup > tables CAN BE ..." > > Perhaps the wording can be improved. The "usually" part is not so > relevant as are the particulars of what a cidr: map should be. > > " > The Postfix mail system uses optional lookup tables as described in > the DATABASE_README document. Lists of IP addresses can be specified > in CIDR (Classless Inter-Domain Routing) form. In this case, a plain > text file is the map, with the standard "key whitespace value" > format. When a match is found, the corresponding result is returned > and the search is terminated. > " That would help. Then so would this: "To test lookup tables, use the "postmap -q" command as described in the SYNOPSIS above for database files. The postmap -q will not work on the CIDR file as it is a test file." > > I know, it's probably not appropriate to refer to a README in that > part of a man page, but it seems more thorough and less likely to > confuse, to me, than the "usually" verbiage. > -- > Offlist mail to this address is discarded unless > "/dev/rob0" or "not-spam" is in Subject: header > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
From: Noel Jones on 6 Apr 2010 14:48 On 4/6/2010 1:42 PM, Robert Lopez wrote: >> The Postfix mail system uses optional lookup tables as described in >> the DATABASE_README document. Lists of IP addresses can be specified >> in CIDR (Classless Inter-Domain Routing) form. In this case, a plain >> text file is the map, with the standard "key whitespace value" >> format. When a match is found, the corresponding result is returned >> and the search is terminated. >> " > > That would help. Then so would this: > > "To test lookup tables, use the "postmap -q" command as > described in the SYNOPSIS above for database files. The > postmap -q will not work on the CIDR file as it is a test file." Or how about postmap -q will not work if you use the wrong syntax
From: Robert Lopez on 6 Apr 2010 14:54 On Tue, Apr 6, 2010 at 12:48 PM, Noel Jones <njones(a)megan.vbhcs.org> wrote: > On 4/6/2010 1:42 PM, Robert Lopez wrote: >>> >>> The Postfix mail system uses optional lookup tables as described in >>> the DATABASE_README document. Lists of IP addresses can be specified >>> in CIDR (Classless Inter-Domain Routing) form. In this case, a plain >>> text file is the map, with the standard "key whitespace value" >>> format. When a match is found, the corresponding result is returned >>> and the search is terminated. >>> " >> >> That would help. Then so would this: >> >> "To test lookup tables, use the "postmap -q" command as >> described in the SYNOPSIS above for database files. The >> postmap -q will not work on the CIDR file as it is a test file." > > > Or how about > postmap -q will not work if you use the wrong syntax > Now that I understand my suggestion on that point is null and void. Thanks for the help. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
From: Robert Lopez on 6 Apr 2010 14:56 I replied to Charles thinking I was replying to the list... On Tue, Apr 6, 2010 at 12:40 PM, Charles Marcus <CMarcus(a)media-brokers.com> wrote: > On 2010-04-06 2:35 PM, Robert Lopez wrote: >> If I remove the .db ile (As Noel points out not necessary) then I get >> an error because postmap seems to only look in database files: >> >> $ postmap -q 222.254.228.0/24 cidr-ip >> postmap: fatal: open database cidr-ip.db: No such file or directory > > Did you miss this from Wietse? I read it but at the time did not undestand it. > > "SYNOPSIS >> postmap -q "string" cidr:/etc/postfix/filename" > > Note the 'cidr:/' prefix to the file path/name? > > Noel already pointed out you need to use a single IP as the key... I have just confirmed that having this line in the file: 222.254.228.0/24 DISCARD Then then this is working: $ postmap -q 222.254.228.0 cidr:/etc/postfix/cidr-ip DISCARD $ postmap -q 222.254.228.1 cidr:/etc/postfix/cidr-ip DISCARD So, now I understand. > > -- > > Best regards, > > Charles -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
From: Wietse Venema on 6 Apr 2010 15:37
Robert Lopez: > On Tue, Apr 6, 2010 at 12:23 PM, Wietse Venema <wietse(a)porcupine.org> wrote: > > Robert Lopez: > > Now that you mention the documentation: > > > >> SYNOPSIS > >> ? ? ? ?postmap -q "string" cidr:/etc/postfix/filename > >> > >> ? ? ? ?postmap -q - cidr:/etc/postfix/filename <inputfile > >> > >> DESCRIPTION > > ... > >> ? ? ? ?To test lookup tables, use the ?"postmap ?-q" ?command ?as > >> ? ? ? ?described in the SYNOPSIS above. > > > > It takes some perseverance to find that text. > > That is another point that has me confused. > I have been testing to make certain changes I have made to the access file > were really there with postmap -q. The synopsis says: postmap -q "string" cidr:/etc/postfix/filename > As I originally posted: "An strace of "postmap -q <any-pattern> > cidr-ip" shows it is the cidr-ip.db file that is being read." by > postmap. The synopsis says that you should use cidr:filename. Wietse |