Wietse Venema put forth on 8/22/2010 11:13 AM: > Stan Hoeppner: >> That's not necessarily true. It depends on the order of his >> smtpd_*_restrictions and whether he's using delayed evaluation. If he's >> using the multiple section restrictions style with delayed eval it's >> possible he may have an "OK" in a later table that causes the mail to be >> accepted even after the regexp check returned REJECT. > > Stan, > > That is incorrect. Coming back to a post that you made a week ago: > > Well at least I'm batting 50% and if this were baseball that > would be pretty good right. :) I wish I'd nailed your bigger > issue here, but that's why this list has multiple people with > varying degrees of experience and expertise. If folks like > myself miss the dart board, Noel, Viktor, or Wietse will come > in and hit the bullseye for you. :) > > I suggest that you avoid posting statements that you haven't verified > first-hand (by experiment, code review, or otherwise). > > There is enough incorrect information on the Internet, and and > there are enough people willing to repeat information without > validating it first.
My apologies. When I first ran into this issue many months ago, I was attempting to whitelist. IIRC, an "OK" in say smtpd_client_restrictions could later be overridden by a "REJECT" in say smtpd_helo_restrictions. This is why I switched to "everything under smtpd_recipient_restrictions". I guess I assumed that it worked the same both ways. So if we reverse the scenario and put the "REJECT" first, it's a final decision? If so, and if I've described the situation correctly, why do we have this opposite behavior between whitelisting and blacklisting? If I've not described this correctly, what am I missing? -- Stan