On 8/26/2010 6:31 AM, Charles Marcus wrote:
If you've specified smtpd_reject_unlisted_recipient=yes, that check
is also after smtpd_recipient_restrictions.
Since smtpd_reject_unlisted_recipient=yes is the default, it happens
after the recipient_restrictions *without* my having to specify it, right?
Yes, but that's kind of splitting hairs. If it's specified,
that's when it runs. It's specified unless you turn it off.
Hmmm... maybe this is the source of my confusion.
Based on this comment, now I'm guessing that there must be other checks
like this that occur at (some/all of?) the other stages/sections that I
am unaware of because they are the default action...?
I think you're over-analyzing this.
First match wins. REJECT happens now, OK skips to the next
section, DUNNO (or no match) goes to the next restriction.
Most of the other actions (FILTER, PREPEND, whatever) act like
DUNNO; continue with the next restriction.
The defaults restrictions are:
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination
[smtpd_reject_unlisted_recipient]
Which are run after each RCPT command. That's all.
History lesson: When postfix was developed, accepting and
bouncing undeliverable mail was considered normal -- best
practice even -- and AFAIR default behavior of pretty much
every widely used MTA at the time. As spam evolved, it became
obvious that the best practice was no longer best. Postfix
was changed to conform to new best practices. So if
smtpd_reject_unlisted_recipient recipient validation seems as
if it were bolted in as an afterthought, that's because it was.
-- Noel Jones
