2009/6/25 Louis-David Mitterrand <vindex+lists-postfix-us...@apartia.org>: > /^((Received|X-Originating-IP):.+\b(124\.120\.1\.(<IP RANGE IN > REGEX>)\b/ > > in pcre:/etc/postfix/header_access. But converting IP ranges to regex'es > is time consuming and error prone. > > Is there a way to use a cidr table for header matching while retaining > control of the prefix ^(Received|X-Originating-IP) ?
I suspect you're out of luck. To be sufficiently general to be useful, I understand Postfix takes the entire header and uses it as a lookup key to the defined table (you're not limited to pcre/regexp, but not much else will be useful). Bare IP addresses of course wouldn't appear as headers, so you can't use a CIDR table. > Or another better way? Someone else may have a better, or they might say you should be using a DNSBL for this sort of purpose. I personally suspect this IP-based method won't stay up-to-date enough for practical purposes, which is why it's probably easier to let someone else do the work and use their blacklist.
