On Wed, Dec 09, 2009 at 03:42:30PM -0500, Wietse Venema wrote: > Len Conrad: > > postconf -n | egrep postscreen > > > > postscreen_blacklist_action = drop > > postscreen_blacklist_networks = > > mysql:/usr/local/etc/postfix/mysql-mta_clients_b.cf > ... > > postscreen_whitelist_networks = $mynetworks, > > hash:/usr/local/etc/postfix/mta_clients_white.map > > > > postmap -q "12.184.45.106" /usr/local/etc/postfix/mta_clients_white.map > > ok > > > > but still > > > > Dec 9 15:16:01 mx101 postfix/postscreen[94732]: BLACKLISTED 12.184.45.106 > > The postscreen manpage lists the tests in the order of execution. > Thus, the blacklist is done tested first. If the client is not > blacklisted, then the whitelist test is done. And so on. > > I could swap the order of black/white tests if there is agreement that > the current order is not optimal, but something has to go first. > > Wietse > It would make more sense to have the whitelist first since that is its normal use, overriding a restriction.
Regards, Ken
