Noel Jones wrote:
On 9/18/2009 10:41 AM, VR wrote:
Noel Jones wrote:
On 9/15/2009 11:01 AM, Stan Hoeppner wrote:
Ahhh, is this one of the reasons some folks put 'all' of their
restrictions under smtpd_recipient_restrictions (only have to list
things once)?


Yes, exactly.

-- Noel Jones


This raises a question for me...

If all the checks are listed under smtpd_recipient_restrictions...
doesn't Postfix still step through each smtpd_*_restrictions "class"
regardless?

E.g.

/etc/postfix/main.cf
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/access_client
    #(bumps against client criteria)
    reject_non_fqdn_helo_hostname
    #(bumps against helo criteria)

and so on...

If collapsing all checks into smtpd_recipient_restrictions, and to be
thorough, would you still need to do something like:

/etc/postfix/main.cf
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/access
    check_helo_access hash:/etc/postfix/access
    check_recipient_access hash:/etc/postfix/access
    check_sender_access hash:/etc/postfix/access
    check_...

to address checking each portion of the smtp transaction?

Sort of. It's bad practice to reuse a map for several purposes - you should have different maps for client, helo, sender, etc. You should also always explicitly specify check_{client, helo, sender, ...}_access for any table lookups.

So the end result is really the same.


  -- Noel Jones

OK, understanding reuse of a check is bad...
Say for discussion it looks more like this:

/etc/postfix/main.cf
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/access_client
    check_helo_access hash:/etc/postfix/access_helo
    check_recipient_access hash:/etc/postfix/access_recipient
    check_sender_access hash:/etc/postfix/access_sender
    check_...

It would seem, because of how the flow of processing works, an entry (white or black listed) would still need to appear in each check even when collapsed under smtpd_recipient_restrictions?

Are there recommendations for collapsing the checks under smtpd_recipient_restrictions to simplify whitelisting (or blacklisting) things without reproducing entries in the check files or having to maintain individual files?
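
Added example (not part of the thread and not Postfix code): a simplified Python model of how smtpd evaluates its restriction lists, comparing one list per stage with everything collapsed under smtpd_recipient_restrictions. The map contents, addresses and the two simplified reject_* checks are assumptions made for illustration.

```python
# Simplified model of Postfix smtpd restriction lists (added example).
# All addresses and map entries are constructed sample data.
CLIENT_MAP = {"192.0.2.10": "OK"}               # stands in for access_client
SENDER_MAP = {"bulk@example.net": "REJECT"}     # stands in for access_sender

def check_client_access(s): return CLIENT_MAP.get(s["client"], "DUNNO")
def check_sender_access(s): return SENDER_MAP.get(s["sender"], "DUNNO")
def reject_non_fqdn_helo_hostname(s):           # simplified: FQDN == has a dot
    return "DUNNO" if "." in s["helo"] else "REJECT"
def reject_unauth_destination(s):               # simplified: we host example.com only
    return "DUNNO" if s["rcpt"].endswith("@example.com") else "REJECT"

def eval_list(restrictions, s):
    """The first OK or REJECT ends this list; falling off the end is OK."""
    for check in restrictions:
        result = check(s)
        if result != "DUNNO":
            return result, check.__name__
    return "OK", "end of list"

def evaluate(lists, s):
    """Lists run in the order client, helo, sender, recipient. An OK only
    ends its own list; a REJECT from any list refuses the recipient."""
    for name in ("client", "helo", "sender", "recipient"):
        result, by = eval_list(lists.get(name, []), s)
        if result == "REJECT":
            return "REJECT", f"smtpd_{name}_restrictions: {by}"
    return "OK", "all lists passed"

SPLIT = {  # one list per stage
    "client": [check_client_access],
    "helo": [reject_non_fqdn_helo_hostname],
    "sender": [check_sender_access],
    "recipient": [reject_unauth_destination],
}
COLLAPSED = {  # everything under smtpd_recipient_restrictions
    "recipient": [reject_unauth_destination, check_client_access,
                  reject_non_fqdn_helo_hostname, check_sender_access],
}

# Whitelisted client that sends a non-FQDN HELO name.
friend = {"client": "192.0.2.10", "helo": "mailhost",
          "sender": "user@example.org", "rcpt": "postmaster@example.com"}
relay_try = dict(friend, rcpt="someone@example.org")   # same client, foreign rcpt
stranger = dict(friend, client="198.51.100.7")         # not in CLIENT_MAP

if __name__ == "__main__":
    for label, lists in (("split", SPLIT), ("collapsed", COLLAPSED)):
        for s in (friend, relay_try, stranger):
            print(label, s["client"], s["rcpt"], evaluate(lists, s))
```

In the collapsed list the client whitelist sits after reject_unauth_destination, so an OK from the map skips the later HELO and sender checks but cannot authorize relaying to a foreign domain.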
