In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Wietse Venema) wrote:
>Instead of inbound/outbound, Postfix uses the concept of mail relay >authorization in the SMTP server. Yes. Thank you for clarifying. You're correct that this is really what I want my policy server to tailor its behavior based upon, i.e. the answer to the question "Is the current client authorized for relaying or not?" >If the policy protocol is to provide the information needed to >determine mail relay authorization, then it would have to list all >the configured smtpd_recipient_restrictions as policy protocol >elements. Why? I mean isn't Postfix making this determination (relay authorized / unauthorized) internally itself already anyway? Assuming so, then why can't it just simply pass the results of its own determination out to an external policy server? I think that you have quite clearly hit the nail on the head when you say that the information I really want in the policy server is just the [yes/no] answer to the question "Is the client authorized for relaying?" It seems to me that Postfix already must compute the answer to that question, based upon (as you have noted) a whole bunch of different bits of Postfix-specific configuration information. Yes? Assuming so, then is there anything that would prevent Postfix from simply passing that one useful bit of information out/down to an external policy server? Quite obviously, you are correct when you say that Postfix has to take a whole lot of different variables (actually, configuration parameters) into account when it is computing the answer to the question: "Is the client authorized (for relaying)?" And the computation itself is somewhat complex. This is all the more reason why I really _don't_ want to try to mirror or duplicate Postfix's own calculations of the "Is the client authorized?" answer within my own policy server... because I am likely to screw it up in some cases and not reach the exactly same answer as Postfix itself reached... at least on some occasions (corner cases?). Whatever causes that divergence, regadless of whether it is version skew related to the variables or version skew related to the computation algo- rithim, if the policy server's computation of the [yes/no] answer reaches a different result than Postfix itself did, then things are likely to screw up. So this is why I think it would be better for Postfix to simply tell policy servers what it itself already decided, so that ploicy servers don't have to re-do the analysis themselves, maybe screwing it up in the process. >I have no time, but I can proofread and suggest improvements. OK. That's fine by me. Can you please save me a bit of time and give me one hint to get me started however? In which data structure (and in which field) does Postfix stash its own answer to the question "Is the current client relay authorized?" Would that be struct SMTPD_STATE and field recipient_rcptmap_checked? Or am I way off base here? (I just glanced at SMTPD_STATE quickly and took a wild guess.)
