Kenneth Marshall:
> On Wed, Dec 09, 2009 at 03:42:30PM -0500, Wietse Venema wrote:
> > Len Conrad:
> > > postconf -n | egrep postscreen
> > >
> > > postscreen_blacklist_action = drop
> > > postscreen_blacklist_networks =
> > > mysql:/usr/local/etc/postfix/mysql-mta_clients_b.cf
> > ...
> > > postscreen_whitelist_networks = $mynetworks,
> > > hash:/usr/local/etc/postfix/mta_clients_white.map
> > >
> > > postmap -q "12.184.45.106" /usr/local/etc/postfix/mta_clients_white.map
> > > ok
> > >
> > > but still
> > >
> > > Dec 9 15:16:01 mx101 postfix/postscreen[94732]: BLACKLISTED 12.184.45.106
> >
> > The postscreen manpage lists the tests in the order of execution.
> > Thus, the blacklist is done tested first. If the client is not
> > blacklisted, then the whitelist test is done. And so on.
> >
> > I could swap the order of black/white tests if there is agreement that
> > the current order is not optimal, but something has to go first.
> >
> > Wietse
> >
> It would make more sense to have the whitelist first since that
> is its normal use, overriding a restriction.
No problem. I suppose I lost sight of the prime directive, which
is to deliver mail.
Wietse
