On Fri, Jul 22, 2011 at 09:04:37PM +0300, gaby wrote:
> I don't undestand what is difference between smtpd_client_restrictions and
> smtpd_recipient_restrictions?
Postfix has 6 top-level restriction lists:
smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender_restrictions
smtpd_recipient_restrictions
smtpd_data_restrictions
smtpd_end_of_data_restrictions
They are almost identical.
- A message is rejected if any restriction list rejects the message,
otherwise it is accepted .
- By default the first 4 lists are applied serially for each
"RCPT TO" command.
- The "data" restrictions are applied at the "DATA" command, and
don't have access to the recipient address when the message has
more than 1 recipient.
- The "end_of_data" restrictions are applied at ".", and can provide
the actual message size to a policy service.
- To thwart most accidental open-relay configurations,
The recipient restrictions MUST contain an element that
rejects by default, that is one of:
reject_unauth_destination, reject, defer
this is not required for the other lists.
Otherwise you get four or so ways to filter the message envelope. Many
sites just use the recipient restrictions and leave all the rest empty.
Because an "OK" result from any restriction element terminates a given
restriction list, but still continues to the next list, in some
configurations, you get more expressive rules by using more than
one list.
--
Viktor.
