single, double, triple, multiple, n-tuple, gives us "4-tuple".
We don't have a "quadriple" so "4-tuple" is what I call it. The "4" "tuples" are:

1. "SMTP client": the machine sending to our "SMTP server", about which we know the IP address and maybe the PTR hostname.
2. "HELO Hostname"
3. "Envelope sender", the MAIL FROM:<[EMAIL PROTECTED]>
4. "Envelope recipient", the RCPT TO:<[EMAIL PROTECTED]>

IMGate prefers to decide whether to accept/reject a msg based on the above 4tuple info, to avoid proceeding to the ensuing DATA command, where the expensive volume of the msg is, and which we all want to avoid handling if the msg is SPAM.

postfix is a modular program, where each module (smtpd, qmgr, cleanup, smtp, etc) writes its own log line with only one item of the 4tuple info. It's very hard and maillog-scanning intensive to construct the 4tuple info for a single msg from multiple log lines by finding all the log lines using the msg ID.

However, reject (and reject_warning) lines log the entire 4-tuple on one log line.

The 4tuple filter helo_world.regexp (the helo filter that includes everybody, the "world") runs last in the smtpd_recipient_restrictions, just before the "permit" (accept) action.

The 4tuple "filter" is a fake log line which is a reject_warning (the msg is NOT actually rejected, but only logged silently, invisibly) that matches any HELO hostname using a match string of /.*/ so we can log the 4tuple of ACCEPTED msgs onto one line.

Note: if a msg is accepted by a whitelist action, then the msg will exit the smtpd_recipient_restrictions at the point of whitelisting and will not arrive down the list to the helo_world.regexp filter, and so there will be no 4tuple log line for whitelisted msgs. You will be accepting more messages (whitelisted and non-whitelisted) than the 4tuple reports show (only non-whitelisted).

Len
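The single-line 4-tuple described above can be pulled out of a maillog with one pattern. The following is an added example, not part of the original post or of IMGate. It assumes the usual Postfix smtpd layout for reject and reject_warning records; the sample log lines, hosts, addresses and the "4tuple" reject text are constructed.

```python
import re

# Constructed sample lines (hosts and addresses are made up for this example).
SAMPLE_LOG = """\
Mar  3 10:15:01 mx1 postfix/smtpd[2101]: connect from mail.example.net[192.0.2.10]
Mar  3 10:15:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from mail.example.net[192.0.2.10]: 554 5.7.1 <mail.example.net>: Helo command rejected: 4tuple; from=<alice@example.net> to=<bob@example.org> proto=ESMTP helo=<mail.example.net>
Mar  3 10:15:09 mx1 postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <friend>: Helo command rejected: Access denied; from=<> to=<carol@example.org> proto=SMTP helo=<friend>
Mar  3 10:15:10 mx1 postfix/qmgr[1999]: 4F2A1C0: from=<alice@example.net>, size=2048, nrcpt=1 (queue active)
"""

# One reject/reject_warning record carries all four items: client (PTR + IP),
# HELO hostname, envelope sender and envelope recipient.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>\w+): (?P<action>reject(?:_warning)?): "
    r"RCPT from (?P<ptr>\S+)\[(?P<ip>[^\]]+)\]: .*; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=\S+ helo=<(?P<helo>[^>]*)>"
)


def four_tuples(log_text):
    """Return one dict per reject/reject_warning line found in log_text."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            found.append(m.groupdict())
    return found


def accepted(tuples):
    """reject_warning lines are the logged-but-accepted (non-whitelisted) msgs."""
    return [t for t in tuples if t["action"] == "reject_warning"]


if __name__ == "__main__":
    for t in four_tuples(SAMPLE_LOG):
        print(t["action"], t["ip"], t["ptr"], t["helo"], t["sender"], t["rcpt"])
```

HELO, sender and recipient values are supplied by the remote client, so treat them as untrusted strings when feeding reports or dashboards.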
