Ville Walveranta a écrit : > On Sun, Nov 23, 2008 at 3:35 AM, mouss <[EMAIL PROTECTED]> wrote: >> As Henrik says, you can break them with /x. > > Got it to work after realizing a blank space is needed in front of the > continuation lines... > >> Note that in this example, pcre is too much. a hash (or cdb) will do fine: >> >> virtualdomain1.com REJECT >> virtualdomain2.com REJECT > > There is another (PCRE) clause in the file to prepend a header, though > I suppose I could split it in two files since cdbs are faster to > discern domains. > >>> .. in the end, thinking that the ones that are not explicitly rejected >>> should be allowed in the context of this PCRE table. But since the >>> table is called from smtpd_recipient_restrictions, such a statement >>> creates an open relay. >> it doesn't look like you need that line anyway (you want to continue >> processing other checks, no?). >> >> Anyway, when such checks are to be performed before >> reject_unauth_destination, it is safer to put them in >> smtpd_sender_restrictions. > > Correct. But does Postfix know about the recipient information at > smtpd_sender_restrictions stage to check for recipient access? I > should re-read the stage document but it seems, if I remember > correctly, that both the sender and recipient information are > validated at the same time (i.e. a failed smtpd_sender_restrictions > check doesn't produce an error until after RCPT TO has been issued). >
yes, in the default setup (smtpd_delay_reject=yes).
