> In this structure, you must have at least one *positive* plugin at the > end of the chain which returns OK for any message that got this far. > That's why rcpt_ok exists and has the instruction to leave it for last.
This is true, but the objections are true as well. What the rcpt_ok plugin does - check if the message is to a remote target and when yes, check if the user may relay - should probably not done as the last step in the rcpt chain, but as the first step. It does not make any sense to check the recipient further if it is external and the user is not allowed to relay. Therefore i suggested moving this check to another plugin, e.g. name it check_relaytarget and DENY at this step when the user may not relay and the target is not local. Only if the message is local or the user is allowed to relay, more plugins from the rcpt chain needs to be executed. And the rcpt_ok plugin as the last plugin in the rcpt chain should then always return OK, because prohibited relaying would have been denied earlier. As he said: Checking rcpthosts and deny users who may not relay is a cheap operation and it would make sense to make it first instead of last. Regards Michael -- It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
