On 6/10/2014 1:24 AM, Michael Tokarev wrote: > 10.06.2014 05:02, Stan Hoeppner wrote: ... >> Yes. And if you have other separate smtpd_foo_restrictions sections you >> should move those restriction parameters under >> smtpd_recipient_restrictions as well. This will give you precise >> control over whitelisting and blacklisting order. > > I'm sorry to say that, but this is wrong. All smtpd_*_restrictions give > precise control over all the restrictions and their order, if you move
"will give you precise control". Note "you", meaning the user, not Postfix. Having all restrictions in one place makes it easier, as in eyeballs on screen, to see what's going on. > it all to one stage it becomes clumsier. Also, moving stuff which should > be run at connect or hello time to recipient time is kinda wrong. Postfix performs delayed evaluation of restrictions by default so this is irrelevant. Evaluation order for the most part doesn't change, only the logical order in main.cf. > Such a suggestion - to move everything to recipient_restriction - can be > given to a novice postfix user (or by novice postfix user), who does not > understand smtp protocol stages and this smtpd_*_restrictions mechanics, > both of which are kinda trivial. Hammer or nail gun Michael? Everyone understands how the hammer works, but given the choice goes for the nail gun. It's faster, more precise, and saves your thumbs. :) Cheers, Stan
