On Sat, 28 Mar 2009, mig wrote:

> I wrote a policy server (that does RBL checks and dynamically disables slow RBL 
> servers). I supposed the right place is the smtpd_client_restrictions:
> 
> smtpd_client_restrictions =
>     check_policy_service unix:/opt/mailfilter/client_restrictions
> smtpd_helo_required = yes
> smtpd_recipient_restrictions =
>    reject_invalid_hostname,
>    reject_unauth_pipelining,
>    reject_non_fqdn_sender,
>    reject_unknown_sender_domain,
>    reject_non_fqdn_recipient,
>    reject_unknown_recipient_domain,
>    permit_sasl_authenticated,
>    permit_mynetworks
> 
> Unfortunately it doesn't work as expected. The policy is not executed when a 
> client connects, but on each RCPT TO. It behaves the same way as if the 
> policy was under the smtpd_recipient_restrictions. In my case, it means that 
> the RBL checks will be done again for each RCPT TO...
> 
> I tried to put the check_policy_service under different restrictions 
> (smtpd_helo_restrictions, smtpd_sender_restrictions), but with the same 
> result - it worked, but as if it was in the RCPT state. 
> smtpd_data_restrictions is the only state where it works well, so the 
> protocol_state=DATA.
> 
> Is this a bug or a feature? 

By default, smtpd_delay_reject = yes, which means smtpd(8) will wait until
the RCPT TO stage of the SMTP conversation before evaluating the
$smtpd_client_restrictions, $smtpd_helo_restrictions and
$smtpd_sender_restrictions.  This is a feature documented in postconf(5).

-- 
Sahil Tandon <sa...@tandon.net>
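
An added example, not part of the original thread or of either poster's code: a policy service that is evaluated at every RCPT TO can remember its verdict per client_address, so the RBL lookup runs once per client rather than once per recipient. The class name, the `lookup` callable standing in for the RBL check, the TTL and the sample addresses are assumptions made for illustration.

```python
import time

def parse_request(raw):
    """Parse one Postfix policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class ClientVerdictCache:
    """Keep one verdict per client_address so repeated RCPT TO requests reuse it."""

    def __init__(self, lookup, ttl=300, clock=time.monotonic):
        self.lookup = lookup    # hypothetical callable: client IP -> True if listed
        self.ttl = ttl          # seconds a verdict stays valid (assumed value)
        self.clock = clock
        self.verdicts = {}      # client_address -> (expiry, action)
        self.lookups = 0        # how many real lookups were performed

    def decide(self, attrs):
        addr = attrs.get("client_address", "")
        now = self.clock()
        hit = self.verdicts.get(addr)
        if hit and hit[0] > now:
            return hit[1]       # second and later RCPT TO for this client
        # Cache miss: drop expired entries, then do the expensive check once.
        self.verdicts = {a: v for a, v in self.verdicts.items() if v[0] > now}
        self.lookups += 1
        action = "REJECT Client host listed" if self.lookup(addr) else "DUNNO"
        self.verdicts[addr] = (now + self.ttl, action)
        return action

    def respond(self, raw):
        """Return the reply in policy delegation format: action line plus empty line."""
        return "action=%s\n\n" % self.decide(parse_request(raw))

# Constructed sample data: one listed client and three RCPT-stage requests.
LISTED = {"192.0.2.10"}

def demo():
    req = "request=smtpd_access_policy\nprotocol_state=RCPT\nclient_address=%s\n\n"
    cache = ClientVerdictCache(lambda addr: addr in LISTED)
    clients = ["198.51.100.7", "198.51.100.7", "192.0.2.10"]
    replies = [cache.respond(req % c) for c in clients]
    return replies, cache.lookups
```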
