From: Magnus Bäck (no email)
Date: Sun Aug 01 2004 - 14:22:32 EDT
On Sunday, August 01, 2004 at 18:37 CEST,
Chris <> wrote:
> Ahh, sorry. To surmise, is there a logical diff if permit_mynetworks
> is where I have it listed, opposed to say the very last line below
> reject_non_fqdn_hostname.
Yes, the order is significant. The first match wins, i.e. the
first restriction to return anything other than "dunno" ends
the restriction-traversal.
> Lastly, I have been told in certain circles, that having "permit" as
> the very last line allows if the previous rules fail. Is this also
> true?
That depends on what you mean by "fail".
> smtpd_helo_restrictions =
> permit_mynetworks,
> check_helo_access hash:/usr/local/etc/postfix/helo_checks,
> reject_invalid_hostname,
> reject_unknown_hostname,
> reject_non_fqdn_hostname
Clients from within $mynetworks bypass all checks. Additionally,
the helo_checks map can return "OK" which would also bypass the
reject_mumble at the end of the restriction list.
-- Magnus Bäck
|
|
|