> What is a valid result depends on what the result is used for: an
> access table expects results as described in the access(5) manpage,
> a virtual aliases table expects the results as described in the
> virtual(5) manpage, a transport table expects results as described
> in the transport(5) manpage, a the local aliases table expects
> results as described in the aliases(5) manpage. You get the idea.
Generally speaking, yes. But it's not so clear (to me) when applying to a
specific case, like postscreen_access.
>
> > 2) Is there a difference between "OK" and "permit"? If so, what?
> > 3) When can/should text follow the "reject"
>
> Those things are described in the access(5) manpage.
Hmmm ... I don't see it.
The access(5) manpage lists many valid result formats, including OK.
Regarding OK and permit, it says:
OK Accept the address etc. that matches the pattern.
... and then the only mention of permit is:
restriction...
Apply the named UCE restriction(s) (permit,
reject,
reject_unauth_destination, and so on).
So I don't see the answer. In fact, OK doesn't seem to make sense for
postscreen_access. After all, OK what? OK blacklist the address? OK
whitelist the address?
I realize the difficulty of documenting something that's so infinitely
flexible. But without saying more explicitly what's allowed and what's not,
there's just too much indirection (for me) to follow.
So, back to my original question ... for postscreen_access.cidr:
-- what would be the difference in behavior between using "OK" vs. "permit"?
-- when can/should text follow the reject?
Also, I can't find anywhere that says if the case matters. Is "PERMIT"
equivalent to "permit"?
Thanks,
Michael
