Ronald F. Guilmette:
>
> In message <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Wietse Venema) wrote:
>
> >Instead of inbound/outbound, Postfix uses the concept of mail relay
> >authorization in the SMTP server.
>
> Yes. Thank you for clarifying. You're correct that this is really
> what I want my policy server to tailor its behavior based upon, i.e.
> the answer to the question "Is the current client authorized for
> relaying or not?"
>
> >If the policy protocol is to provide the information needed to
> >determine mail relay authorization, then it would have to list all
> >the configured smtpd_recipient_restrictions as policy protocol
> >elements.
>
> Why?
Because relay authorization is controlled by smtpd_recipient_restrictions.
The decision may involve multiple access controls, including
check_client_access, check_ccert_access, and so on, whose "value"
is currently not available as policy attributes.
Or the decision may involve just one rule:
smtpd_recipient_restrictions = reject_unauth_destination
which does not even involve mynetworks. This is what I use on
systems that don't relay mail from the network (they can still send
/usr/sbin/sendmail submissions with remote destinations).
> I mean isn't Postfix making this determination (relay authorized
> / unauthorized) internally itself already anyway?
No, the determination is made in smtpd_recipient_restrictions.
> Can you please save me a bit of time and give me one hint to get me started
> however? In which data structure (and in which field) does Postfix stash
> its own answer to the question "Is the current client relay authorized?"
There is no such field. smtpd_recipient_restrictions decides if
recipient is accepted or rejected. Postfix does not know if it was
rejected because of blacklisting or because of lack of permission.
Wietse
