Bowie Bailey writes:
On 9/24/2014 4:22 PM, Lindsay Haisley wrote:
> What is the order of processing and precedence of address blocks
> in /etc/courier/smtpaccess/* ? It looks to me as if a more specific
> block, either whitelist or reject, trumps a more general block so that a
> reject of 192.168.1.0/24 followed - or preceded - by a whitelist of
> 192.168.1.16 would block everything in the larger block EXCEPT the
> whitelisted address. Is this the case? If not, what's the rule?
>
> Is there any precedence of a directive depending on which file it's
> found in in /etc/courier/smtpaccess? Do the directives in one file take
> precedence over the directives in another?
>
> I would assume, since the whole directory is processed into a
> single .dat file with makesmtpaccess, that the same rule applies
> regardless of which file a directive may be found in.

The explanations for this are found in the couriertcpd man page. In particular:

"couriertcpd always uses the line with the most specific IP address."
With a caveat. "Most specific" here means "octet boundary". I should clarify that in the man page.
makesmtpaccess uses Net::CIDR to expand out CIDR to even octet boundaries. So, an entry for 192.168.0.0/22 is going to get replicated as four entries: 192.168.0.*, 192.168.1.*, 192.168.2.* and 192.168.3.*.
Technically, an explicit entry for 192.168.1.0, for example, will be more specific, but it won't work in this case, because the CIDR notation gets expanded (you should get an error, though).
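An added illustration of the octet-boundary behaviour described in the reply above (not part of the thread and not Courier's code): a small Python model that expands CIDR blocks to octet-boundary keys and then looks an address up by its longest matching octet prefix. The function names, the `allow`/`reject` labels, the sample entries and the choice to raise on a duplicate key are all assumptions of this model.

```python
import ipaddress

def expand_to_octets(cidr):
    """Expand an IPv4 CIDR block into dotted prefixes on octet boundaries."""
    net = ipaddress.ip_network(cidr, strict=True)
    # Round the prefix length up to the next multiple of 8 (minimum one octet).
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    octets = boundary // 8
    if boundary == net.prefixlen:
        subnets = [net]
    else:
        subnets = net.subnets(new_prefix=boundary)
    return [".".join(str(s.network_address).split(".")[:octets]) for s in subnets]

def build_table(entries):
    """Flatten (cidr, action) pairs into one octet-prefix -> action mapping."""
    table = {}
    for cidr, action in entries:
        for key in expand_to_octets(cidr):
            if key in table:
                # Choice of this model: surface collisions instead of
                # silently letting one entry win.
                raise ValueError(f"duplicate key {key!r} from {cidr}")
            table[key] = action
    return table

def lookup(table, ip):
    """Return (matched_key, action) for the most specific octet prefix."""
    parts = str(ipaddress.IPv4Address(ip)).split(".")
    for n in range(4, 0, -1):  # full address first, then 3, 2, 1 octets
        key = ".".join(parts[:n])
        if key in table:
            return key, table[key]
    return None, None

# Constructed sample entries: a rejected /22 with one allowed host inside it.
ENTRIES = [("192.168.0.0/22", "reject"), ("192.168.1.16", "allow")]
TABLE = build_table(ENTRIES)

if __name__ == "__main__":
    print(sorted(TABLE.items()))
    for ip in ("192.168.1.16", "192.168.1.17", "192.168.4.1"):
        print(ip, "->", lookup(TABLE, ip))
```

In this model a prefix that does not fall on an octet boundary, such as a /30, expands to individual full addresses, which is how a wide block can turn into many table entries.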