Michael Storz:
> If one of the permit-restrictions from smtpd_relay_restrictions fires
> which restriction will be evaluated next:
> - the first restriction of smtpd_recipient_restrictions or
> - the first restriction of smtpd_data_restrictions
With smtpd_client, helo, sender, recipient, and data restrictions,
a "permit" result never "skips over" other restriction lists. That
is a good reason to make relay restrictions behave in the same way.
It keeps the system consistent, and minimizes the learning curve.
With smtpd_delay_reject=yes, the basic algorithm is:
if (eval(restriction_list_1 + permit) == reject
or eval(restriction_list_2 + permit) == reject
..
or eval(restriction_list_N + permit) == reject)
reject
Where "+" is the concatenation operator, and where the sequence of
"or" clauses is evaluated from left to right and terminates as soon
as the result is known.
When people understand how Postfix works, the above is roughly what
they have in mind. As long as Postfix adheres to this model there
will be no surprises when smtpd_relay_restrictions is added.
Wietse
