Am I really using a CIDR map?
in [Postfix]
|
Prev: smtpd_recipient_restrictions = check_recipient_access &sendmail
Next: Relay certain domains in the sender part by defined ip addresses
From: Wietse Venema on 6 Apr 2010 14:23 Robert Lopez: Now that you mention the documentation: > SYNOPSIS > postmap -q "string" cidr:/etc/postfix/filename > > postmap -q - cidr:/etc/postfix/filename <inputfile > > DESCRIPTION .... > To test lookup tables, use the "postmap -q" command as > described in the SYNOPSIS above. It takes some perseverance to find that text. Wietse
From: /dev/rob0 on 6 Apr 2010 14:33 On Tue, Apr 06, 2010 at 11:57:00AM -0600, Robert Lopez wrote: > On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones <njones(a)megan.vbhcs.org> > wrote: > > On 4/6/2010 11:39 AM, Robert Lopez wrote: > >> Why does postfix not like the source file being removed from the > >> /etc/postfix directory? > > > > cidr tables are plain-text tables. The source file is the live > > table data. The .db file is your mistake; cidr tables should not > > be indexed with postmap. > > That surprises me. > > The man page seems to me to indicate otherwise. > My confusion is with this sentence: > "These tables are usually in dbm or db format." > which is from the Description portion below... Yes, and it continues: "Alternatively, lookup tables can be specified in CIDR ... form." Taken together, with emphasis added: "These tables are USUALLY in dbm or db format. ALTERNATIVELY, lookup tables CAN BE ..." Perhaps the wording can be improved. The "usually" part is not so relevant as are the particulars of what a cidr: map should be. " The Postfix mail system uses optional lookup tables as described in the DATABASE_README document. Lists of IP addresses can be specified in CIDR (Classless Inter-Domain Routing) form. In this case, a plain text file is the map, with the standard "key whitespace value" format. When a match is found, the corresponding result is returned and the search is terminated. " I know, it's probably not appropriate to refer to a README in that part of a man page, but it seems more thorough and less likely to confuse, to me, than the "usually" verbiage. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
From: Robert Lopez on 6 Apr 2010 14:35 On Tue, Apr 6, 2010 at 12:23 PM, Wietse Venema <wietse(a)porcupine.org> wrote: > Robert Lopez: > Now that you mention the documentation: > >> SYNOPSIS >> postmap -q "string" cidr:/etc/postfix/filename >> >> postmap -q - cidr:/etc/postfix/filename <inputfile >> >> DESCRIPTION > ... >> To test lookup tables, use the "postmap -q" command as >> described in the SYNOPSIS above. > > It takes some perseverance to find that text. That is another point that has me confused. I have been testing to make certain changes I have made to the access file were really there with postmap -q. With the movement of IP addresses and CIDR blocks out of the access file and into a "cidr-ip" file postmap -q would find them in the cidr-ip.db file. If I remove the .db ile (As Noel points out not necessary) then I get an error because postmap seems to only look in database files: $ postmap -q 222.254.228.0/24 cidr-ip postmap: fatal: open database cidr-ip.db: No such file or directory As I originally posted: "An strace of "postmap -q <any-pattern> cidr-ip" shows it is the cidr-ip.db file that is being read." by postmap. > > Wietse > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
From: Noel Jones on 6 Apr 2010 14:38 On 4/6/2010 1:35 PM, Robert Lopez wrote: > On Tue, Apr 6, 2010 at 12:23 PM, Wietse Venema<wietse(a)porcupine.org> wrote: >> Robert Lopez: >> Now that you mention the documentation: >> >>> SYNOPSIS >>> postmap -q "string" cidr:/etc/postfix/filename >>> >>> postmap -q - cidr:/etc/postfix/filename<inputfile >>> >>> DESCRIPTION >> ... >>> To test lookup tables, use the "postmap -q" command as >>> described in the SYNOPSIS above. >> >> It takes some perseverance to find that text. > > That is another point that has me confused. > I have been testing to make certain changes I have made to the access file > were really there with postmap -q. > > With the movement of IP addresses and CIDR blocks out of the access > file and into a "cidr-ip" file postmap -q would find them in the > cidr-ip.db file. > If I remove the .db ile (As Noel points out not necessary) then I get > an error because postmap seems to only look in database files: > > $ postmap -q 222.254.228.0/24 cidr-ip > postmap: fatal: open database cidr-ip.db: No such file or directory > > As I originally posted: "An strace of "postmap -q<any-pattern> > cidr-ip" shows it is the cidr-ip.db file that is being read." by > postmap. The key for a cidr map must be an IP address, not a literal cidr range. postmap -q 222.254.225.5 cidr:cidr-ip -- Noel Jones
From: Charles Marcus on 6 Apr 2010 14:40
On 2010-04-06 2:35 PM, Robert Lopez wrote: > If I remove the .db ile (As Noel points out not necessary) then I get > an error because postmap seems to only look in database files: > > $ postmap -q 222.254.228.0/24 cidr-ip > postmap: fatal: open database cidr-ip.db: No such file or directory Did you miss this from Wietse? "SYNOPSIS > postmap -q "string" cidr:/etc/postfix/filename" Note the 'cidr:/' prefix to the file path/name? Noel already pointed out you need to use a single IP as the key... -- Best regards, Charles |