check_client_access not blocking /8 /16 /24 etc.

I'm curious to know what I've done wrong with my client checks file.

I can reject a specific IP but it won't reject when I use net blocks...
format is listed below in

Suggestions comments welcome.

smtpd_recipient_restrictions =
      check_client_access hash:/etc/postfix/,
      check_sender_access hash:/etc/postfix/,
     check_policy_service unix:private/policyd-spf,
     permit REJECT We have not seen your IP Address before.  Please visit
<a href="" title=""></a> to unblock your IP

I've run postmap and have the file set up.


Re: check_client_access not blocking /8 /16 /24 etc.

By Bill Cole at 07/11/2018 - 00:01

Pick a table format and use it.

That's CIDR format, not the domain/octet prefix form required for a
hashed access map.

See the man pages for access(5) and cidr_table(5) for the differences
and details, so you can pick one.

Also note: if you're going to reject all of by default, you
might as well simplify and go with an overall default reject policy.

Re: check_client_access not blocking /8 /16 /24 etc.

By Benny Pedersen at 07/10/2018 - 23:52

Philip skrev den 2018-07-11 04:24:

change hash here to cidr

and remember cidr does not need to be postmapped

it should be tested with

postmap -q cidr:/etc/postfix/

if it prints reject, it works :)