Will Yardley: > > Actually, behavior depends on the parent_domain_matches_subdomains > > setting. The default setting includes mynetworks, meaning that > > example.com will match host.example.com by default. With mynetworks > > removed from from parent_domain_matches_subdomains, .example.com > > will match host.example.com. > > Ah, Ok.
More precisely, smtpd_client_event_limit_exceptions is not listed in parent_domain_matches_subdomains (and listing it there has no effect because there is no code that implements it). So the present behavior is as if smtpd_client_event_limit_exceptions is not listed in parent_domain_matches_subdomains. It borrows the general syntax of mynetworks, but it does not borrow its parent domain matching behavior. So I cannot suddenly change smtpd_client_event_limit_exceptions to behave exactly as mynetworks, because that would break existing systems. > On the current system (running 2.3.3), it does seem to behave as > expected (e.g., I've got .google.com and .gmail.com, and I'm not > throttling Gmail, which I'm sure would happen instantly if it wasn't > matching). > > $mynetworks is in $parent_domain_matches_subdomains: > > $ postconf parent_domain_matches_subdomains > parent_domain_matches_subdomains = > debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps > > Thanks -- it's very helpful to understand *why* this works. And this part of Postfix was under-documented. I just checked with other features that borrow from mynetworks. The postscreen_access_list feature has a permit_mynetworks sub-feature. This has its own parent_domain_matches_subdomains setting. So in the end I have done the same for smtpd_client_event_limit_exceptions. It now has its own parent_domain_matches_subdomains setting. This avoids breaking compatibility with existing configurations. Updated documentation fragments are below. Wietse smtpd_client_event_limit_exceptions (default: $mynetworks) Clients that are excluded from smtpd_client_*_count/rate_limit restric- tions. See the mynetworks parameter description for the parameter value syntax. ... Pattern matching of domain names is controlled by the presence or absence of "smtpd_client_event_limit_exceptions" in the par- ent_domain_matches_subdomains parameter value (postfix 2.12 and later). This feature is available in Postfix 2.2 and later. parent_domain_matches_subdomains (default: see postconf -d output) What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern. This is planned backwards compatibility: eventually, all Postfix features are expected to require explicit ".domain.tld" style patterns when you really want to match subdomains. The following Postfix feature names are supported. Postfix version 1.0 and later debug_peer_list, fast_flush_domains, mynetworks, per- mit_mx_backup_networks, relay_domains, transport_maps Postfix version 1.1 and later qmqpd_authorized_clients, smtpd_access_maps, Postfix version 2.8 and later postscreen_access_list Postfix version 2.12 and later smtpd_client_event_limit_exceptions