> On Apr 20, 2017, at 2:40 PM, J. Johnson <jj001....@gmail.com> wrote:
>
> I distrust access(5), but that's just a detail of db format; I think what you
> mean is the
> several access list checks available in the smtpd_*_restrictions.

The interface documented in access(5) is a database-independent key/value abstraction. Yes, where I said access(5) I also meant to cover the various built-in restrictions that are not table driven. All the processing is applied to each recipient.

> As I replied to Philip,
> I think this depends on what point in the delivery process postfix replicates
> the
> message for additional recipients.

That's easy, the message is not replicated at all. All deliveries read from a single multi-recipient queue file. The message envelope splits on delivery, when not all the recipients are destined to the same place or fit in a single transaction.

> From what you say I gather this occurs early, either in the helo stage, or
> immediately
> following.

There is no split. The "RCPT TO" SMTP command is processed for each recipient and that recipient is either rejected or accepted at that time, largely independently of other recipients (DISCARD and a few other special actions that affect the whole message aside).

> The problem is, I want to start blacklisting at the client stage, which makes
> the
> whitelisting a little dicey.

It is unwise to blacklist at the SMTP banner and often not effective, because many MTAs will defer mail rejected at connect or HELO. This and other reasons are why Postfix has "smtp_delay_reject = yes"; you should not change this setting in most cases.

--
Viktor.
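
An added illustration of the per-recipient processing described in the reply above (not part of the original thread and not configuration from either poster): because rejection is delayed until RCPT TO, a recipient whitelist can sit ahead of a client blacklist check in a single restriction list. The table path, the addresses and the DNSBL name `dnsbl.example.org` are placeholders chosen for this example.

```ini
# /etc/postfix/main.cf (fragment, constructed example)

# Default. Client, HELO and sender restrictions are not acted on until
# RCPT TO, so the client is never rejected at connect or HELO.
smtpd_delay_reject = yes

# Evaluated once for every RCPT TO command, left to right.
# The first restriction that returns OK or REJECT ends the list
# for that recipient only.
smtpd_recipient_restrictions =
    permit_mynetworks,
    # Must come before any table that can return OK, otherwise a
    # whitelisted address pattern could be used to relay.
    reject_unauth_destination,
    # Whitelist: OK here skips the DNSBL check for this recipient.
    check_recipient_access hash:/etc/postfix/rcpt_whitelist,
    # Blacklist on the client IP, applied to all other recipients.
    reject_rbl_client dnsbl.example.org

# /etc/postfix/rcpt_whitelist (run "postmap" on it after editing)
#
#   postmaster@example.com   OK
#   abuse@example.com        OK
#
# Resulting SMTP dialogue for a client listed in the DNSBL that
# addresses two recipients in one transaction:
#
#   RCPT TO:<postmaster@example.com>   -> 250 (whitelisted)
#   RCPT TO:<user@example.com>         -> 554 (blocked by DNSBL)
#
# One queue file is written with the single accepted recipient.
```

`postconf -n` shows the restriction lists that are actually in effect after a reload.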