On Sunday, August 22, 2010 at 16:01 CEST,
p...@alt-ctrl-del.org wrote:
> So I have,
> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
> check_helo_access regexp:/etc/postfix/heloaccess.cf
>
> If I put the following into heloaccess.cf, for .cc hostnames,
> /^.*\.[a-z][a-z]$/ reject_unknown_helo_hostname
>
> Am I adding to the restrictions? Making it,
> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
> check_helo_access regexp:/etc/postfix/heloaccess.cf,
> reject_unknown_helo_hostname
>
> Or am I replacing the restrictions? Making it only,
> smtpd_helo_restrictions = reject_unknown_helo_hostname
>
> On a hit of the regexp rule, would the existing
> smtpd_sender_restrictions and smtpd_recipient_restrictions
> still be processed?
A regexp match will cause the reject_unknown_helo_hostname restriction
to be evaluated. If it indeed results in a rejection the mail will be
rejected no matter what. If it doesn't result in a rejection Postfix
will continue with the remaining restrictions in smtpd_helo_restrictions,
smtpd_sender_restrictios, smtpd_recipient_restrictions and so on like
nothing has happened. The only thing that's terminated is the traversal
of /etc/postfix/heloaccess.cf. In other words,
/^foo.example\.com$/ DUNNO
/example\.com$/ REJECT
would cause all hosts using any example.com hostname in HELO to be
rejected except foo.example.com. Of course, if any other restriction
wants to reject a message from foo.example.com it would still be
rejected.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
