Sorry I wasn't clear enough in my question. Using Len's sample main.cf: smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, hash:/etc/postfix/to_recipients_bw.map, reject_unverified_sender, reject_unverified_recipient, reject_unknown_sender_domain, etc, etc, etc, permit
In to_recipients_bw.map I have domains and IP address that I don't not want mail from. If I move hash:/etc/postfix/to_recipients_bw.map, to the top of the list, will the other tests defind within smtpd_recipient_restrictions (like reject_unverified_recipient (7th test)) still be processed until the end of the whole statement is reached or does a reject stop any further processing of smtpd_recipient_restrictions immediately at the point of of a positive match. Basically I'm trying to save on processing time. If there is an IP or domain I don't want any email then the other test are irrelavent. Mike ----- Original Message ----- From: "Cybertime Hostmaster" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 22, 2004 2:14 PM Subject: [IMGate] Re: Question on order of restrictions > > > Does postfix stop processing the restrictions as soon as a reject is > > matched? > > Yes and no. > > > In other words if I move my own ip and domain blacklist to the top does > > postfix stop and reject as soon as a match is found? > > You have different smtpd_*_restrictions, each is an ordered list. > > All of the smtpd_*_restrictions ordered lists must give back a permit > result or the mail is rejected. > > To have full control over the order, using one of these ordered lists, say > smtpd_recipient_restrictions, and putting your checks in it allows you to > control what happens when, and where your OKs are. > > Inside these ordered lists there are basically two types of files that can > be checked against, a database or a regular expression. > > A database is matched in the order laid out in man 5 access, > http://www.postfix.org/access.5.html which defines an order along the > lines of domain.tld, net.work.addr.ess, net.work.addr, net.work, and > lastly net. > > So in a database, if you were to lookup 192.168.8.4, and your map file > looked like this: > > 192.168 REJECT > 192.168.8.4 OK > > The OK would match 192.168.8.4 even though it is below the 192.168.8. > This because in the order of operations, net.work.addr.ess has precedence > over net.work. > > Regular expressions are a first match wins. > > So lets go back to 192.168.8.4. > > /192\.168/ REJECT > /192\.168\.8\.4/ OK > > In this case, the REJECT takes precedence. > > So it seems that Regular Expressions are better because they offer you > more control. > > But here is the down side. The Regular Expressions take more processor > time, and tend to delay the reception of mail more. > > So you do not want to do everything in Regular Expressions. > > The balance is to do pure rejection lists where you do not need much > control over the order of operations in database formats, and then do > those few things were you need full control with Regular Expressions. > > --Eric > > > >
