Am I really using a CIDR map?
in [Postfix]
|
Prev: smtpd_recipient_restrictions = check_recipient_access &sendmail
Next: Relay certain domains in the sender part by defined ip addresses
From: Robert Lopez on 6 Apr 2010 12:39 For some time I have been tracking changes to the access table with RCS. Each time a change is made the "ci access" results in the removal of the access file from /etc/postfix and leaving the /etc/postfix.access.db file. Today I tried to check in a cidr table named cidr-ip. Upon check-in (and restart of postfix) I got this message in the maillog file: Apr 6 10:12:57 mg05 postfix/smtpd[4632]: fatal: open /etc/postfix/cidr-ip: No such file or directory A "postmap -q <any-pattern-in-file> cidr-ip" returns the rest of the matching line correctly. An strace of "postmap -q <any-pattern> cidr-ip" shows it is the cidr-ip.db file that is being read. Why does postfix not like the source file being removed from the /etc/postfix directory? [root(a)mg05 postfix]$ postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = yes biff = no bounce_size_limit = 1 config_directory = /etc/postfix default_process_limit = 400 header_checks = regexp:/etc/postfix/header_checks inet_interfaces = all mailbox_size_limit = 0 masquerade_domains = $mydomain, cnm.edu, nmvc.org, nmvirtualcollege.org max_use = 100 message_size_limit = 16777216 mydestination = $myhostname, $mydomain, localhost.localdomain, cnm.edu, mail.cnm.edu myhostname = mg05.cnm.edu mynetworks = 198.133.182.0/24, 198.133.181.0/24, 198.133.180.0/24, 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 notify_classes = resource, software readme_directory = no recipient_delimiter = + relay_domains = mg04.cnm.edu, mg05.cnm.edu, mg06.cnm.edu, nmvc.org, mail.nmvc.org, mg04.nmvc.org, mg05.nmvc.org, mg06.nmvc.org, nmvirtualcollege.org, mail.nmvirtualcollege.org, mg04.nmvirtualcollege.org,mg05. nmvirtualcollege.org, mg05.nmvirtualcollege.org, nmln.net, ideal-nm.org, ideal-nm.net, idealnm.org, idealnm.net relayhost = smtp_host_lookup = dns, native smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_client_restrictions = reject_unauth_pipelining check_client_access hash:/etc/postfix/whitelist check_client_access cidr:/etc/postfix/cidr-ip check_client_access hash:/etc/postfix/access permit_mynetworks reject_rbl_client n6mn6bwuuaertsbehompac3udq.zen.dq.spamhaus.net reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.njabl.org reject_rbl_client blackholes.five-ten-sg.com=127.0.0.4 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.5 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.6 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.7 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.8 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.9 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.10 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.11 reject_rbl_client blackholes.five-ten-sg.com=127.0.0.13 smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks check_helo_access hash:/etc/postfix/helo-ip reject_invalid_hostname reject_non_fqdn_helo_hostname smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/greylist check_sender_access hash:/etc/postfix/access permit_mynetworks reject_non_fqdn_sender reject_unknown_sender_domain permit_mynetworks reject_unauth_destination reject_unknown_recipient_domain reject_unlisted_recipient check_recipient_access hash:/etc/postfix/overquota reject_non_fqdn_recipient reject_unknown_recipient_domain smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtualaliases -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
From: Wietse Venema on 6 Apr 2010 12:45 Robert Lopez: > A "postmap -q <any-pattern-in-file> cidr-ip" returns the rest of the > matching line correctly. This uses the default database type, which is "hash:" on most systems. Thus. Postfix opens "hash:cidr-ip" which results in opening cidr-ip.db. To query a CIDR file, specify cidr:filename, just like you have in main.cf. Wietse
From: Noel Jones on 6 Apr 2010 12:52 On 4/6/2010 11:39 AM, Robert Lopez wrote: > For some time I have been tracking changes to the access table with RCS. > Each time a change is made the "ci access" results in the removal of > the access file from /etc/postfix and leaving the > /etc/postfix.access.db file. > > Today I tried to check in a cidr table named cidr-ip. Upon check-in > (and restart of postfix) I got this message in the maillog file: > Apr 6 10:12:57 mg05 postfix/smtpd[4632]: fatal: open > /etc/postfix/cidr-ip: No such file or directory > > A "postmap -q<any-pattern-in-file> cidr-ip" returns the rest of the > matching line correctly. > An strace of "postmap -q<any-pattern> cidr-ip" shows it is the > cidr-ip.db file that is being read. > > Why does postfix not like the source file being removed from the > /etc/postfix directory? cidr tables are plain-text tables. The source file is the live table data. The .db file is your mistake; cidr tables should not be indexed with postmap. -- Noel Jones
From: Robert Lopez on 6 Apr 2010 13:57 On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones <njones(a)megan.vbhcs.org> wrote: > On 4/6/2010 11:39 AM, Robert Lopez wrote: >> >> For some time I have been tracking changes to the access table with RCS. >> Each time a change is made the "ci access" results in the removal of >> the access file from /etc/postfix and leaving the >> /etc/postfix.access.db file. >> >> Today I tried to check in a cidr table named cidr-ip. Upon check-in >> (and restart of postfix) I got this message in the maillog file: >> Apr 6 10:12:57 mg05 postfix/smtpd[4632]: fatal: open >> /etc/postfix/cidr-ip: No such file or directory >> >> A "postmap -q<any-pattern-in-file> cidr-ip" returns the rest of the >> matching line correctly. >> An strace of "postmap -q<any-pattern> cidr-ip" shows it is the >> cidr-ip.db file that is being read. >> >> Why does postfix not like the source file being removed from the >> /etc/postfix directory? > > cidr tables are plain-text tables. The source file is the live table data. > The .db file is your mistake; cidr tables should not be indexed with > postmap. That surprises me. The man page seems to me to indicate otherwise. My confusion is with this sentence: "These tables are usually in dbm or db format." which is from the Description portion below... CIDR_TABLE(5) CIDR_TABLE(5) NAME cidr_table - format of Postfix CIDR tables SYNOPSIS postmap -q "string" cidr:/etc/postfix/filename postmap -q - cidr:/etc/postfix/filename <inputfile DESCRIPTION The Postfix mail system uses optional lookup tables. These tables are usually in dbm or db format. Alterna- tively, lookup tables can be specified in CIDR (Classless Inter-Domain Routing) form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated. To find out what types of lookup tables your Postfix sys- tem supports use the "postconf -m" command. To test lookup tables, use the "postmap -q" command as <snip> > > -- Noel Jones > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
From: Noel Jones on 6 Apr 2010 14:14
On 4/6/2010 12:57 PM, Robert Lopez wrote: > On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones<njones(a)megan.vbhcs.org> wrote: >> On 4/6/2010 11:39 AM, Robert Lopez wrote: >>> >>> For some time I have been tracking changes to the access table with RCS. >>> Each time a change is made the "ci access" results in the removal of >>> the access file from /etc/postfix and leaving the >>> /etc/postfix.access.db file. >>> >>> Today I tried to check in a cidr table named cidr-ip. Upon check-in >>> (and restart of postfix) I got this message in the maillog file: >>> Apr 6 10:12:57 mg05 postfix/smtpd[4632]: fatal: open >>> /etc/postfix/cidr-ip: No such file or directory >>> >>> A "postmap -q<any-pattern-in-file> cidr-ip" returns the rest of the >>> matching line correctly. >>> An strace of "postmap -q<any-pattern> cidr-ip" shows it is the >>> cidr-ip.db file that is being read. >>> >>> Why does postfix not like the source file being removed from the >>> /etc/postfix directory? >> >> cidr tables are plain-text tables. The source file is the live table data. >> The .db file is your mistake; cidr tables should not be indexed with >> postmap. > > That surprises me. > > The man page seems to me to indicate otherwise. > My confusion is with this sentence: > "These tables are usually in dbm or db format." That statement is followed by "Alternatively, ..." Writing concise, unambiguous man pages isn't easy. Contributed documentation patches are always welcome (but not always adopted). -- Noel Jones |