Wietse, Thank you for your comments and explanation!
On Wed, Nov 16, 2011 at 01:04:10PM -0500, Wietse Venema wrote: > I must confess that I no longer understand what the purpose is of > ACCEPT in header_checks, if the purpose is other than skipping > all further lookups of all header_checks tables. Actually, I think both kinds of ACCEPTs would make sense in different circumstances: skip further lookups against the current table and skip further lookups for all header_checks (and body_checks) tables. So that would be two action names. Hmm, yes, this does become confusing, unless we use lengthy names like SKIP_THIS_TABLE or SKIP_ALL_TABLES. More importantly, I realized that the two things that I mentioned as nice to have - configurable default action per-table and MARK action (with marks persistent across table boundaries) - are actually almost required to make the new ACCEPT action (or whatever we call it) usable in more than just some special cases. Having MARK may also eliminate the need for the SKIP_ALL_TABLES variety. Specifically, a persistent mark is needed to be able to encode logical expressions involving matches against both headers and body lines - e.g., permit all mail to these addresses (header check), but only PGP-encrypted to other addresses (body check to be applied only when the header check did not match). I think this could also be achieved with SKIP_ALL_TABLES (if its uses in a headers_check table would also skip body_checks), but MARK is more generic. This does become complicated, yet maybe it could be implemented with little code while making Postfix's built-in filtering a lot more capable. Thanks again, Alexander
