On 5/7/2015 1:48 PM, Wietse Venema wrote:
Rod K:
I'm trying to implement
check_client_restrictions =
check_client_access pgsql:/path/to/local_blacklist-sql.cf,
Note that this also makes queries with client name parent domains
and network prefixes (see the section "HOST NAME/ADDRESS PATTERNS"
in the access(5) manpage).
I'm aware. When the query term is NOT a valid dotted quad it returns
DUNNO, even for hostnames.
Search order:
domain.tld
.domain.tld
net.work.addr.ess
net.work.addr
...
"
*DUNNO* Pretend that the lookup key was not found. This prevents Postfix
from trying substrings of the lookup key (such as a subdomain
name, or a network address subnetwork).
"
This to me means the first lookup would check domain.tld (receive DUNNO so skip
.domain.tld), then lookup net.work.addr.ess which will return DUNNO or REJECT
(no further lookups)
I am handling matching for subnets internally so there is no need for further
network address lookups.
Am I misunderstanding? Is the initial DUNNO for domain.tld preventing
net.work.addr.ess queries?
