p...@alt-ctrl-del.org wrote:
Hello postfix admins,
I have always placed all restrictions in smtpd_recipient_restrictions.
Over the last few days, I have been experimenting with breaking the
restrictions up into client, helo, sender, etc. I ran into something odd
(to me), when permit_mynetworks is in smtpd_helo_restrictions.
.....
I would think that having permit_mynetworks in smtpd_helo_restrictions,
would be applied as "accept any helo, from hosts in mynetworks".
But it appears that permit_mynetworks is testing the helo string,
against the list of IP's in $mynetworks (as strings), then allowing it
to pass.
.......
Is this the way it's supposed to behave? It seems wrong to me.
p...@alt-ctrl-del.org wrote:
Hold on...
That machine is running an experimental build of 2.6, from 2008. A quick
test of my config on 2.7.1, appears to be working. I'll try some more
testing.
I've moved my entire postfix-mysql config over to postfix 2.7.1. Using
permit_mynetworks in smtpd_helo_restrictions appears to be working as I
expect it to, in this version.
one more thing.
In my reading of SMTPD_ACCESS_README, it sounds like
smtpd_client_restrictions are checked before smtpd_helo_restrictions. If I
really wanted to be anal, should I put my check_helo_access in
smtpd_client_restrictions rather than smtpd_helo_restrictions, to prevent
unnecessary rbl lookups and such?
