Will Yardley:
> > Actually, behavior depends on the parent_domain_matches_subdomains
> > setting.  The default setting includes mynetworks, meaning that
> > example.com will match host.example.com by default. With mynetworks
> > removed from from parent_domain_matches_subdomains, .example.com
> > will match host.example.com.
> 
> Ah, Ok.

More precisely, smtpd_client_event_limit_exceptions is not listed
in parent_domain_matches_subdomains (and listing it there has no
effect because there is no code that implements it).

So the present behavior is as if smtpd_client_event_limit_exceptions
is not listed in parent_domain_matches_subdomains. It borrows the
general syntax of mynetworks, but it does not borrow its parent
domain matching behavior. 

So I cannot suddenly change smtpd_client_event_limit_exceptions
to behave exactly as mynetworks, because that would break existing
systems.

> On the current system (running 2.3.3), it does seem to behave as
> expected (e.g., I've got .google.com and .gmail.com, and I'm not
> throttling Gmail, which I'm sure would happen instantly if it wasn't
> matching).
> 
> $mynetworks is in $parent_domain_matches_subdomains:
> 
> $ postconf parent_domain_matches_subdomains
> parent_domain_matches_subdomains = 
> debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
> 
> Thanks -- it's very helpful to understand *why* this works.

And this part of Postfix was under-documented.

I just checked with other features that borrow from mynetworks.
The postscreen_access_list feature has a permit_mynetworks sub-feature.
This has its own parent_domain_matches_subdomains setting.

So in the end I have done the same for smtpd_client_event_limit_exceptions.
It now has its own parent_domain_matches_subdomains setting. This
avoids breaking compatibility with existing configurations.

Updated documentation fragments are below.

        Wietse

smtpd_client_event_limit_exceptions (default: $mynetworks)
       Clients that are excluded from smtpd_client_*_count/rate_limit restric-
       tions. See the mynetworks parameter description for the parameter value
       syntax.

        ...

       Pattern  matching  of  domain  names  is  controlled by the presence or
       absence   of   "smtpd_client_event_limit_exceptions"   in   the    par-
       ent_domain_matches_subdomains parameter value (postfix 2.12 and later).

       This feature is available in Postfix 2.2 and later.

parent_domain_matches_subdomains (default: see postconf -d output)
       What  Postfix  features match subdomains of "domain.tld" automatically,
       instead of  requiring  an  explicit  ".domain.tld"  pattern.   This  is
       planned  backwards compatibility:  eventually, all Postfix features are
       expected to require explicit  ".domain.tld"  style  patterns  when  you
       really want to match subdomains.

       The following Postfix feature names are supported.

       Postfix version 1.0 and later
              debug_peer_list,     fast_flush_domains,     mynetworks,    per-
              mit_mx_backup_networks, relay_domains, transport_maps

       Postfix version 1.1 and later
              qmqpd_authorized_clients, smtpd_access_maps,

       Postfix version 2.8 and later
              postscreen_access_list

       Postfix version 2.12 and later
              smtpd_client_event_limit_exceptions

Reply via email to