On 11/6/2014 4:37 PM, terrygalant.li...@fastest.cc wrote: > Noel > > On Thu, Nov 6, 2014, at 02:25 PM, Noel Jones wrote: > ... >> The above deprecated syntax assumes "check_sender_access >> hash:/path/to/reject_senders" Don't leave out the >> "check_sender_access" part. > > Yep. Bad cut and paste on my part, sorry. It's in there. > > >>> @domain2.com REJECT >> >> will never match anything. > > That one I did NOT realize :-/ > >>> .link REJECT >> >> With the default setting of parent_domain_matches_subdomains, >> ".link" won't match anything. Use "link" instead. > > Here, > > postconf parent_domain_matches_subdomains > parent_domain_matches_subdomains = > debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps > > What in there ^^^ implies that ".link" won't match anything? Is it the > smtpd_access_maps, and the docs/rules that go with it (mentioned below)?
Yes, it's the smtpd_access_maps entry. I'm not sure it's explicitly stated, but ".domain" and "domain" matching controlled by parent_domain_matches_subdomains are mutually exclusive. > >>> added to /reject_senders would, I think, trigger on ANY instance of >>> ".link", including, e.g., >>> >>> y...@test.linkedin.com >> >> Never a concern with an indexed file. > > That too's a surprise. I'm misunderstanding something. Must read more. > Thanks. indexed files must always be a full and exact match, other than documented search patterns performed by postfix (actually performed as separate searches with modified lookup keys). regexp & pcre files are a different matter. It's easy to write a bad expression and match more than you intend. -- Noel Jones > >> See the docs for access tables, pay attention to the various >> "ADDRESS PATTERNS" sections. >> http://www.postfix.org/access.5.html > > Thanks for pointing to the right place to look. > > Terry >
