Viktor Dukhovni:
> > Rather than disabling helo checks, it is possible to put them in 
> > smtpd_recipient_restrictions or smtpd_relay_restrictions *AFTER* actual 
> > relay restrictions, so that the first error hit is the unauthorized 
> > relay.
> 
> Unfortunately, smtpd_recipient_restrictions runs *before*
> smtpd_relay_restrictions (in recent Postfix releases), and there was
> some discussion of making that configurable, but I forget where that
> ended up...  I agree that one would naively expect the relay checks
> to run first, and the current behaviour (though "safer" in some
> sense) is surprising.

We could gate this with "compatibility_level = 3.6" which is already
being used for some TLS-related breaking changes.

Strawman:

    smtpd_relay_before_recipient_restrictions =
        ${ {$compatibility_level} <level {3.6} ? {no} : {yes} }

The weird '<level' operator is needed because we're switching
compatibility_level settings from 1, 2, ... to settings that match
the Postfix version that introduces the breaking change.

With the old '<' operator, 3.10 would be smaller than 3.9 which
is undesirable.

        Wietse
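
A simplified model of the ordering problem and the strawman default discussed in this thread, as an added example that is not part of the original messages and is not Postfix source code. The function names, the session dictionary and the one-check-per-list setup are assumptions made for illustration.

```python
# Simplified model (added example, not Postfix source code).

def parse_level(text):
    """Split a compatibility level such as '2' or '3.10' into integer fields."""
    fields = [int(part) for part in text.split(".")]
    return tuple(fields + [0] * (3 - len(fields)))  # pad to major.minor.patch

def level_lt(a, b):
    """Model of the '<level' operator: compare field by field, not as decimals."""
    return parse_level(a) < parse_level(b)

def relay_before_recipient(compatibility_level):
    """Evaluate the strawman default from the message for a given level."""
    return "no" if level_lt(compatibility_level, "3.6") else "yes"

# Each check returns a rejection reason, or None to fall through to the next.
def reject_unauth_destination(session):
    if not session["authorized"] and not session["local_rcpt"]:
        return "Relay access denied"
    return None

def reject_invalid_helo_hostname(session):
    return None if session["helo_valid"] else "Helo command rejected"

RELAY_RESTRICTIONS = [reject_unauth_destination]         # constructed list
RECIPIENT_RESTRICTIONS = [reject_invalid_helo_hostname]  # constructed list

def first_rejection(session, compatibility_level):
    """Return the first error a client sees under the modelled ordering."""
    if relay_before_recipient(compatibility_level) == "yes":
        ordered = RELAY_RESTRICTIONS + RECIPIENT_RESTRICTIONS
    else:
        ordered = RECIPIENT_RESTRICTIONS + RELAY_RESTRICTIONS
    for check in ordered:
        reason = check(session)
        if reason:
            return reason
    return None

# Constructed session: unauthorized relay attempt that also sends a bad HELO.
PROBE = {"authorized": False, "local_rcpt": False, "helo_valid": False}

if __name__ == "__main__":
    print("decimal 3.10 < 3.9:", float("3.10") < float("3.9"))
    print("level   3.10 < 3.9:", level_lt("3.10", "3.9"))
    for level in ("2", "3.6", "3.10"):
        print(level, "->", first_rejection(PROBE, level))
```
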
