On 6/25/09 10:16 PM, "Victor Duchovni" <victor.ducho...@morganstanley.com> wrote:
> On Thu, Jun 25, 2009 at 10:36:09PM -0400, Sahil Tandon wrote: > >>> IIRC, the instance attribute identifies a mail transaction and is assigned >>> before the queue-id. >> >> My bad reading of src/smtpd/smtpd_check.c, then. But does that mean an >> instance can exist *before* the first recipient is accepted? For context: >> http://www.irbs.net/internet/postfix/0412/0896.html > > Yes. An instance (transaction) id is assigned at "MAIL FROM:" time, > provided the "MAIL" command iis not rejected. Problem is that none of that actually answers my original question about why I'm receiving some requests with no instance attribute. Here's the pertinent bit from main.cf: smtpd_helo_restrictions = smtpd_client_restrictions = smtpd_sender_restrictions = smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:9250 hash:/etc/postfix/protected_destinations,proxy:ldap:limittag permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain check_client_access hash:/etc/postfix/client_checks I never found it useful to separate smtpd restrictions (which may be wrong). Since I am just listening and not yet actually implementing policies, I had the check service first so that every message generates a request. In actual production, the policy checks will follow after the rejects. So the question remains, how do I interpret those requests that lack the instance attribute? Thanks. Rob Tanner UNIX Services Manager Linfield College, McMinnville Oregon 503-883-2558
