Magnus Bäck put forth on 8/22/2010 10:04 AM: > On Sunday, August 22, 2010 at 16:01 CEST, > p...@alt-ctrl-del.org wrote: > >> So I have, >> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, >> check_helo_access regexp:/etc/postfix/heloaccess.cf >> >> If I put the following into heloaccess.cf, for .cc hostnames, >> /^.*\.[a-z][a-z]$/ reject_unknown_helo_hostname >> >> Am I adding to the restrictions? Making it, >> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, >> check_helo_access regexp:/etc/postfix/heloaccess.cf, >> reject_unknown_helo_hostname >> >> Or am I replacing the restrictions? Making it only, >> smtpd_helo_restrictions = reject_unknown_helo_hostname >> >> On a hit of the regexp rule, would the existing >> smtpd_sender_restrictions and smtpd_recipient_restrictions >> still be processed? > > A regexp match will cause the reject_unknown_helo_hostname restriction > to be evaluated. If it indeed results in a rejection the mail will be > rejected no matter what.
That's not necessarily true. It depends on the order of his smtpd_*_restrictions and whether he's using delayed evaluation. If he's using the multiple section restrictions style with delayed eval it's possible he may have an "OK" in a later table that causes the mail to be accepted even after the regexp check returned REJECT. -- Stan
