KLaM Postmaster wrote:
> Is there a readme or other document that outlines an optimal order
> for smtp_*_restrictions.
>
>
> Sorry, I should have been a little more specific, I am talking about the
> order of the parameters within a class of restriction (e.g.
> smtp_recipient_restrictions), not the order of the restriction classes.
>

once again no one size... there are criteria that you can use. here is a "candidate" list:

- correctness. you want to order your checks so that they match your access policy. This is the most important criterion. while it is ok to ignore all the other ones, you can't afford to get this one wrong.
- simplicity: keep your checks simple. this may mean letting some junk in for the sake of keeping a simple and maintainable configuration. of course, the junk you let in can be detected by your content filter.
- "precision": when you reject a connection, the sender gets an error and you see that error in your log. when a transaction can be rejected because of multiple reasons, it is better if it is rejected by the "worst" reason. even if you don't care about the sender, it is better to reject a relay attempt with reject_unauth_destination than with a helo check. indeed, when you parse/check your logs, you don't need to wonder if a relay attempt is a false positive...
- performance: This is only meaningful for sites that get a lot of mail and spam. it is meaningless without measurement. if applicable, then you should run cheap tests before expensive ones. for example, reject_invalid_helo_hostname is cheaper than check_foo_access, which is cheaper than reject_unknown_sender_domain.

comments, suggestions, ... welcome.
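
An added example, not part of the original message: a simplified Python model of first-match evaluation inside one restriction list, showing how order changes the logged reason for the same relay attempt ("precision") and the work spent ("performance"). The networks, domains, cost units and reject texts are constructed assumptions, and permit_mynetworks is a standard Postfix restriction that the message does not name.

```python
# Simplified model of one smtpd_*_restrictions list: restrictions run in
# order and the first one that returns a decision ends the evaluation.
# All sample values are constructed for illustration.
import ipaddress
import re

MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed trusted clients
LOCAL_DOMAINS = {"example.com"}                       # assumed hosted domains
RESOLVABLE = {"example.com", "example.org"}           # stand-in for DNS lookups
HELO_OK = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")

def permit_mynetworks(tx):
    ip = ipaddress.ip_address(tx["client"])
    return "OK" if any(ip in net for net in MYNETWORKS) else None

def reject_unauth_destination(tx):
    domain = tx["rcpt"].rpartition("@")[2]
    return None if domain in LOCAL_DOMAINS else "REJECT Relay access denied"

def reject_invalid_helo_hostname(tx):
    return None if HELO_OK.match(tx["helo"]) else "REJECT Invalid HELO name"

def reject_unknown_sender_domain(tx):
    domain = tx["sender"].rpartition("@")[2]
    return None if domain in RESOLVABLE else "REJECT Sender domain not found"

# Relative cost per check (made-up units; measure on your own system).
COST = {permit_mynetworks: 1, reject_invalid_helo_hostname: 1,
        reject_unauth_destination: 2, reject_unknown_sender_domain: 10}

def evaluate(restrictions, tx):
    """Return (decision, name of the deciding restriction, cost spent)."""
    spent = 0
    for check in restrictions:
        spent += COST[check]
        result = check(tx)
        if result is not None:       # None models DUNNO: try the next one
            return result, check.__name__, spent
    return "DUNNO", None, spent      # this list made no decision

PRECISE = [permit_mynetworks, reject_unauth_destination,
           reject_invalid_helo_hostname, reject_unknown_sender_domain]
HELO_FIRST = [permit_mynetworks, reject_invalid_helo_hostname,
              reject_unauth_destination, reject_unknown_sender_domain]

# Constructed relay attempt from an outside client that also sends a bad HELO.
RELAY_ATTEMPT = {"client": "203.0.113.9", "helo": "bad_helo!",
                 "sender": "a@example.org", "rcpt": "victim@elsewhere.test"}
```

Calling `evaluate(PRECISE, RELAY_ATTEMPT)` and `evaluate(HELO_FIRST, RELAY_ATTEMPT)` rejects the same transaction both times, but only the first ordering records it in the log as a relay attempt.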