[pfx] Re: Why does Postfix evaluate relay restrictions despite an early permit in recipient restriction?
Dnia 11.11.2023 o godz. 17:58:04 Matthias Nagel via Postfix-users pisze: > > Thanks for clarification. What happens if Postfix find a PERMIT in an > earlier restriction list (which shortcuts that list), but then finds a > DENY in a later restriction list? What takes precedence? The earlier > PERMIT or the later DENY? It works exactly in the order you described above. First, Postfix finds a PERMIT, so skips the rest of this list and goes on with evaluating next lists. The PERMIT has already been acted on and is no more relevant. Next, it finds a DENY, so rejects mail. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Why does Postfix evaluate relay restrictions despite an early permit in recipient restriction?
On 2023-11-11 at 12:58:04 UTC-0500 (Sat, 11 Nov 2023 17:58:04 +) Matthias Nagel via Postfix-users is rumored to have said: Am Samstag, 11. November 2023, 18:51:04 CET schrieb Bill Cole via Postfix-users: Nope. Review the restriction list docs. PERMIT only short-circuits the current restriction list. Later restriction in the same list are skipped, but later lists are still run. DENY or DEFER acts immediately. Thanks for clarification. What happens if Postfix find a PERMIT in an earlier restriction list (which shortcuts that list), but then finds a DENY in a later restriction list? What takes precedence? The earlier PERMIT or the later DENY? PERMIT causes Postfix to skip the rest of the specific list that it is part of. DENY acts immediately. DEFER acts immediately The documentation is perfectly clear on this. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Why does Postfix evaluate relay restrictions despite an early permit in recipient restriction?
Am Samstag, 11. November 2023, 18:51:04 CET schrieb Bill Cole via Postfix-users: > Nope. Review the restriction list docs. PERMIT only short-circuits the > current restriction list. Later restriction in the same list are > skipped, but later lists are still run. DENY or DEFER acts immediately. Thanks for clarification. What happens if Postfix find a PERMIT in an earlier restriction list (which shortcuts that list), but then finds a DENY in a later restriction list? What takes precedence? The earlier PERMIT or the later DENY? -- Matthias Nagel Dachtlerstr. 2, 40499 Stuttgart Festnetz: +49-711-25295180, Mobil: +49-151-15998774 E-Mail: matthias.h.na...@posteo.de, Skype: nagmat84, Threema: 86VM8KN7 ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Why does Postfix evaluate relay restrictions despite an early permit in recipient restriction?
On 2023-11-11 at 12:26:18 UTC-0500 (Sat, 11 Nov 2023 17:26:18 +) Matthias Nagel via Postfix-users is rumored to have said: Hello all, I am running Postfix 3.8.1. Postfix serves port 25 for incoming mail from other MTAs and port 587 for authenticated MUAs. Postfix is supposed to check SPF for mails from other MTAs on port 25, but not for mails from authenticated MUAs on port 587. To this end, there is a SPF check inside „recipient_restrictions“, but authenticated clients are already permitted by an early „permit_sasl_authenticated“ inside „relay_restrictions“. According to my understanding, Postfix should stop evaluation of the access rules as soon as a final decision has been made. I thought, Postfix evaluates 1. client restrictions 2. helo restrictions 3. sender restrictions 4. recipient restrictions 5. relay restrictions 6. data restrictions 7. end-of-data restrictions in that order until either a final PERMIT, DENY or DEFER is found. Nope. Review the restriction list docs. PERMIT only short-circuits the current restriction list. Later restriction in the same list are skipped, but later lists are still run. DENY or DEFER acts immediately. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org