In my current main.cf, check_client_access hash:/etc/postfix/mta_clients_bw.map is the 11th item listed under smtpd_recipient_restrictions =
Would moving it to the top reject MTA's (sooner) that I know I don't ever want connecting? Would it cause any side effects? Or does postfix run through the entire list of tests in smtpd_recipient_restrictions before ok'ing or rejecting? Current: smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, hash:/etc/postfix/to_recipients_bw.map, reject_unverified_sender, reject_unverified_recipient, reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/mta_clients_bw.map, pcre:/etc/postfix/to_recipients_bw.regexp, etc. etc. Proposed: smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/mta_clients_bw.map, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, hash:/etc/postfix/to_recipients_bw.map, reject_unverified_sender, reject_unverified_recipient, reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, pcre:/etc/postfix/to_recipients_bw.regexp, etc. etc. Mike
