Re: The order of permit_mynetworks

From: Chris (no email)
Date: Sun Aug 01 2004 - 14:26:35 EDT


Magnus Bäck wrote:
> On Sunday, August 01, 2004 at 18:37 CEST,
> Chris <> wrote:
>
>
>>Ahh, sorry. To surmise, is there a logical diff if permit_mynetworks
>>is where I have it listed, opposed to say the very last line below
>>reject_non_fqdn_hostname.
>
>
> Yes, the order is significant. The first match wins, i.e. the
> first restriction to return anything other than "dunno" ends
> the restriction-traversal.
>
>
>>Lastly, I have been told in certain circles, that having "permit" as
>>the very last line allows if the previous rules fail. Is this also
>>true?
>
>
> That depends on what you mean by "fail".

I was told that by having permit, it acts as a failsafe. Meaning that
if the above rules fail to stop (in this case) then permit it anyways.
I don't agree with that of course. To me, it sorta defeats the purpose
of having the reject_mumble.

>
>>smtpd_helo_restrictions =
>> permit_mynetworks,
>> check_helo_access hash:/usr/local/etc/postfix/helo_checks,
>> reject_invalid_hostname,
>> reject_unknown_hostname,
>> reject_non_fqdn_hostname
>
>
> Clients from within $mynetworks bypass all checks. Additionally,
> the helo_checks map can return "OK" which would also bypass the
> reject_mumble at the end of the restriction list.
>

Ahh - thanks. Thought so. Perfect!

-- 
Best regards,
Chris
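
The first-match-wins traversal discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of the restriction list. The networks, map entries and client values are constructed, the three check functions are stand-ins named after the real restrictions, and `evaluate`, `AS_POSTED` and `MYNETWORKS_LAST` are hypothetical names.

```python
import ipaddress

OK, REJECT, DUNNO = "OK", "REJECT", "DUNNO"

# Constructed sample data (not from the original post).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Stands in for hash:/usr/local/etc/postfix/helo_checks
HELO_CHECKS = {"partnerbox": OK, "spam.example": REJECT}

def permit_mynetworks(client_ip, helo):
    ip = ipaddress.ip_address(client_ip)
    return OK if any(ip in net for net in MYNETWORKS) else DUNNO

def check_helo_access(client_ip, helo):
    # Simplified assumption: exact-match lookup of the HELO name only.
    return HELO_CHECKS.get(helo.lower(), DUNNO)

def reject_non_fqdn_hostname(client_ip, helo):
    # Simplified assumption: a name without a dot is not fully qualified.
    return REJECT if "." not in helo else DUNNO

def evaluate(restrictions, client_ip, helo):
    """Return (verdict, deciding_restriction); the first non-DUNNO result wins."""
    for check in restrictions:
        verdict = check(client_ip, helo)
        if verdict != DUNNO:
            return verdict, check.__name__
    # Every restriction said DUNNO: the list's default is to permit, which is
    # what an explicit trailing "permit" spells out.
    return OK, "end of list"

# Order as posted in the thread (reduced to three restrictions) and the
# alternative asked about, with permit_mynetworks moved to the end.
AS_POSTED = [permit_mynetworks, check_helo_access, reject_non_fqdn_hostname]
MYNETWORKS_LAST = [check_helo_access, reject_non_fqdn_hostname, permit_mynetworks]

if __name__ == "__main__":
    cases = [("192.0.2.10", "localhost"),       # internal client, non-FQDN HELO
             ("198.51.100.7", "partnerbox"),    # external, map returns OK
             ("198.51.100.7", "localhost"),     # external, non-FQDN HELO
             ("198.51.100.7", "mx.example.org")]  # external, nothing matches
    for ip, helo in cases:
        print(ip, helo, evaluate(AS_POSTED, ip, helo),
              evaluate(MYNETWORKS_LAST, ip, helo))
```

The second case shows the map's "OK" ending the traversal before the reject_ restriction is reached, so access map entries that return OK deserve the same review as $mynetworks.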






