On Sunday, August 22, 2010 at 17:26 CEST,
Stan Hoeppner <s...@hardwarefreak.com> wrote:
> Magnus Bäck put forth on 8/22/2010 10:04 AM:
>
> > A regexp match will cause the reject_unknown_helo_hostname
> > restriction to be evaluated. If it indeed results in a
> > rejection the mail will be rejected no matter what.
>
> That's not necessarily true. It depends on the order of his
> smtpd_*_restrictions and whether he's using delayed evaluation.
> If he's using the multiple section restrictions style with delayed
> eval it's possible he may have an "OK" in a later table that causes
> the mail to be accepted even after the regexp check returned REJECT.
No. If smtpd_helo_restrictions returns REJECT nothing can save the
email. smtpd_delay_reject does not affect *how* Postfix evaluates
restrictions, only *when*. Whitelisting only takes place within the
same restriction list, i.e. an OK in smtpd_helo_restrictions only
skips rejections listed further down in smtpd_helo_restrictions.
--
Magnus Bäck
mag...@dsek.lth.se
