Will Yardley:
> > Actually, behavior depends on the parent_domain_matches_subdomains
> > setting. The default setting includes mynetworks, meaning that
> > example.com will match host.example.com by default. With mynetworks
> > removed from from parent_domain_matches_subdomains, .example.com
> > will match host.example.com.
>
> Ah, Ok.
More precisely, smtpd_client_event_limit_exceptions is not listed
in parent_domain_matches_subdomains (and listing it there has no
effect because there is no code that implements it).
So the present behavior is as if smtpd_client_event_limit_exceptions
is not listed in parent_domain_matches_subdomains. It borrows the
general syntax of mynetworks, but it does not borrow its parent
domain matching behavior.
So I cannot suddenly change smtpd_client_event_limit_exceptions
to behave exactly as mynetworks, because that would break existing
systems.
> On the current system (running 2.3.3), it does seem to behave as
> expected (e.g., I've got .google.com and .gmail.com, and I'm not
> throttling Gmail, which I'm sure would happen instantly if it wasn't
> matching).
>
> $mynetworks is in $parent_domain_matches_subdomains:
>
> $ postconf parent_domain_matches_subdomains
> parent_domain_matches_subdomains =
> debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
>
> Thanks -- it's very helpful to understand *why* this works.
And this part of Postfix was under-documented.
I just checked with other features that borrow from mynetworks.
The postscreen_access_list feature has a permit_mynetworks sub-feature.
This has its own parent_domain_matches_subdomains setting.
So in the end I have done the same for smtpd_client_event_limit_exceptions.
It now has its own parent_domain_matches_subdomains setting. This
avoids breaking compatibility with existing configurations.
Updated documentation fragments are below.
Wietse
smtpd_client_event_limit_exceptions (default: $mynetworks)
Clients that are excluded from smtpd_client_*_count/rate_limit restric-
tions. See the mynetworks parameter description for the parameter value
syntax.
...
Pattern matching of domain names is controlled by the presence or
absence of "smtpd_client_event_limit_exceptions" in the par-
ent_domain_matches_subdomains parameter value (postfix 2.12 and later).
This feature is available in Postfix 2.2 and later.
parent_domain_matches_subdomains (default: see postconf -d output)
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern. This is
planned backwards compatibility: eventually, all Postfix features are
expected to require explicit ".domain.tld" style patterns when you
really want to match subdomains.
The following Postfix feature names are supported.
Postfix version 1.0 and later
debug_peer_list, fast_flush_domains, mynetworks, per-
mit_mx_backup_networks, relay_domains, transport_maps
Postfix version 1.1 and later
qmqpd_authorized_clients, smtpd_access_maps,
Postfix version 2.8 and later
postscreen_access_list
Postfix version 2.12 and later
smtpd_client_event_limit_exceptions
