Manuel Mely wrote: > mouss wrote: >> [EMAIL PROTECTED] wrote: >>> [snip] >>> My domain is example.com, and i have some subdomains (ie >>> ldap.example.com). >>> >>> So the problem is: If i send a message with RCPT TO >>> [EMAIL PROTECTED], >>> check_recipient_access rules starts checking this subdomain, but >>> since i >>> don't have this subdomain in my ldap lookup table and directory, it >>> must >>> finish with a reject right? >> >> No. it depends on parent_domain_matches_subdomains. see >> http://www.postfix.org/access.5.html >> > > I'm using postfix default values for parent_domain_matches_subdomains. > See postconf -d |grep parent_domain_matches_subdomains
Hint: You can do 'postconf <var_here>' (for current) or 'postconf -d <var_here>' (for default) then, no need for grep. > > parent_domain_matches_subdomains = > debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps > > By default (for backwards compatibility sake), Postfix will match all subdomains with their parents if the initial match is not found. mouss was pointing you in the right direction. Perhaps set 'parent_domain_matches_subdomains=' (that is empty). This changes the meaning of all subdomains to be explicitly set, the parent is prepended by a period, or fall prey to things like reject_unauth_destination and non-matching maps. Brian
