On Fri, 2010-09-24 at 03:37:22 -0400, Michael Orlitzky wrote:

> >> # sutton-partners.com
> >> /^64\.191\.79\.245$/ public_rbls
> >>
> >> # Default: check these lists.
> >> #
> >> /./ all_rbls
> >>
> >> However, 64.191.79.245 is still being subjected to the private RBL check:
> >>
> >> Sep 23 10:05:42 mx1 postfix/smtpd[12164]: connect from
> >> unknown[64.191.79.245]
> >  ^^^^^^^
> >
> > % host 64.191.79.245
> > 245.79.191.64.in-addr.arpa domain name pointer sutton-partners.com.
> > % host sutton-partners.com
> > sutton-partners.com has address 64.202.189.170
> >
> > /./ is greedy! Explore check_reverse_client_hostname_access; and if
> > it suits your needs, thank Noel Jones. :)
>
> Ok, I see what's going on. 'unknown' gets looked up first, and so /./
> matches it before the client IP address gets looked up.

Correct.

> Wouldn't check_reverse_client_hostname_access suffer the same fate?

No, because then Postfix passes the unverified reverse client hostname
to the access(5) map, rather than 'unknown'.

> I think switching to a CIDR map probably avoids matching the
> 'unknown'; I'll give that a try.

Yes, that would circumvent this issue; you could also modify your final
pattern to match any IP, rather than anything and everything!

--
Sahil Tandon <[email protected]>
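The lookup order discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model in which the client hostname is tried before the client IP address and the first matching pattern wins. The `lookup` helper and the IPv4-only final pattern in `FIXED` are assumptions made for illustration.

```python
import re

# Simplified model of the behaviour described in the thread: the access map
# is queried with the client hostname first ('unknown' when the reverse name
# does not verify), then with the client IP address. Within a regexp table
# the first pattern that matches the key decides the result.
def lookup(table, hostname, address):
    for key in (hostname, address):
        for pattern, action in table:
            if re.search(pattern, key):
                return key, action
    return None, None

# The table from the original post: the catch-all /./ matches any key,
# including the literal string 'unknown'.
ORIGINAL = [
    (r"^64\.191\.79\.245$", "public_rbls"),
    (r".", "all_rbls"),
]

# Assumed variant of "match any IP, rather than anything and everything":
# the default only matches dotted-quad IPv4 addresses (constructed pattern).
FIXED = [
    (r"^64\.191\.79\.245$", "public_rbls"),
    (r"^\d{1,3}(\.\d{1,3}){3}$", "all_rbls"),
]

def demo():
    # Client from the log line in the post: connect from unknown[64.191.79.245]
    client = ("unknown", "64.191.79.245")
    return {
        "original": lookup(ORIGINAL, *client),
        "fixed": lookup(FIXED, *client),
    }

if __name__ == "__main__":
    for name, (key, action) in demo().items():
        print(f"{name:8s} matched key={key!r} -> {action}")
```

With the original table the hostname key 'unknown' hits the catch-all before the address-specific pattern is ever consulted; with an address-only default, the hostname key falls through and the per-IP entry decides.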
