On 10/6/2009 8:06 PM, Patrick Horgan wrote:
Sahil Tandon wrote:
Is the order significant, i.e. is permit_mynetworks,
The order of restrictions is generally significant.
permit_sasl_authenticated the same as
permit_sasl_authenticated,permit_mynetworks?
No. The first example does not allow networks specified in $mynetworks
to relay through your server without authentication.
Really! I'm surprised, I would have thought the rule would be first
matched. So permit_mynetworks,permit_sasl_authenticated won't allow
$mynetworks through without authentication? Just asking for verification
because I'm so surprised! (And because it seems to be working just fine
right now!)
patrick
You misunderstood Sahil's answer.
Hopefully to clarify, Yes the order of restrictions is
significant; first "permit" or "reject" match wins.
However, in the case of {permit_sasl_authenticated,
permit_mynetworks} vs. {permit_mynetworks,
permit_sasl_authenticated} the order is not significant. If a
client matches either of the restrictions, it will be
considered "permit". If the rule doesn't match at all
(DUNNO), then continue processing with the next rule.
-- Noel Jones
