Re: Comprehension question on smtpd_*_restrictions and access tables

From: Kai Fürstenberg (no email)
Date: Fri Feb 02 2007 - 00:54:47 EST

  • Next message: Agn: "Mails are not going ..postfix + SASL Problem!!"

    Noel Jones schrieb:
    > At 06:58 AM 2/1/2007, Kai Fürstenberg wrote:
    >> But what about the "OK"-action in access tables? I always heard (and
    >> read) that, when a restriction receives an OK from an access table,
    >> the mail is accepted.
    > The mail skips from that smtpd_*_restrictions section to the next, the
    > sections are always evaluated in the order documented regardless of the
    > order in Within each section, restrictions are evaluated in
    > the order listed. The default empty value for smtpd_{client, helo,
    > sender, data, end_of_data}_restrictions is morally equivalent to
    > "permit". One can put just "permit" in each of these sections and have
    > no effect on mail processing.
    > The default value for smtpd_recipient_restrictions is
    > "permit_mynetworks, reject_unauth_desitination" which is what prevents
    > one from being an open relay. A bare "permit" is not allowed here.
    > Simplification:
    > smtpd_recipient_restrictions is for relay control, and optionally for
    > UCE controls.
    > All the other smtpd_*_restrictions sections are for UCE controls and
    > cannot allow relaying.
    >> E.G.:
    >> smtpd_client_restrictions =
    >> check_client_access hash:/etc/postfix/access
    >> reject
    >> smtpd_recipient_restrictions =
    >> reject
    >> /etc/postfix/access:
    >> OK
    >> When the client connects to Postfix, is he allowed to relay
    >> mail through postfix, because of the OK in the access table, or does
    >> this only take effect on smtpd_client_restrictions and the mail will
    >> be rejected because of the smtpd_recipient_restrictions?
    > In the above example, all mail will be rejected because of the
    > smtpd_recipient_restrictions settings. EACH smtpd_*_restrictions
    > section is evaluated for EVERY message. Each section must evaluate to
    > either "permit", "OK", or DUNNO (or no answer) for mail to be accepted.

    Thanks for the detailed explanation, Noel. It's clear now.


  • Next message: Agn: "Mails are not going ..postfix + SASL Problem!!"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD