I'm still a bit vague on some of this, but I think I have enough I can set
up some tests and figure it out. Thanks.

Incidentally, I do have "smtp_delay_reject = yes", which *delays* the
processing. But it appears that none of the smtpd_*_restrictions (if
specified) are skipped. Which I find handy for controlling how they are
applied to different addresses.

On Thu, Apr 20, 2017 at 12:02 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:

>
> > On Apr 20, 2017, at 2:40 PM, J. Johnson <jj001....@gmail.com> wrote:
> >
> > I distrust access(5), but that's just a detail of db format; I think what you
> > mean is the several access list checks available in the smtpd_*_restrictions.
>
> The interface documented in access(5) is a database-independent key/value
> abstraction.  Yes, where I said access(5) I also meant to cover the various
> built-in restrictions that are not table driven.  All the processing is
> applied to each recipient.
>
> > As I replied to Philip, I think this depends on what point in the delivery
> > process postfix replicates the message for additional recipients.
>
> That's easy, the message is not replicated at all.  All deliveries read from a
> single multi-recipient queue file.  The message envelope splits on delivery,
> when not all the recipients are destined to the same place or fit in a single
> transaction.
>
> > From what you say I gather this occurs early, either in the helo stage, or
> > immediately following.
>
> There is no split.  The "RCPT TO" SMTP command is processed for each recipient
> and that recipient is either rejected or accepted at that time, largely
> independently of other recipients (DISCARD and a few other special actions that
> affect the whole message aside).
>
> > The problem is, I want to start blacklisting at the client stage, which makes
> > the whitelisting a little dicey.
>
> It is unwise to blacklist at the SMTP banner and often not effective, because
> many MTAs will defer mail rejected at connect or HELO.  This and other reasons
> are why Postfix has "smtp_delay_reject = yes", you should not change this
> setting in most cases.
>
> --
>         Viktor.
>
>
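
The per-recipient evaluation discussed in this thread can be used to exempt selected recipients from a client blacklist. The configuration below is an added example, not taken from either poster; the map file names, addresses and networks are constructed placeholders.

```conf
# /etc/postfix/main.cf  (added example; map file names are assumptions)

# Postfix default; the main.cf parameter name is smtpd_delay_reject.
# Client, HELO and sender restrictions are held until RCPT TO, so every
# restriction list is evaluated once per recipient.
smtpd_delay_reject = yes

# Left empty (the default) so that no client-stage rule rejects a
# connection before the recipient whitelist below has been consulted.
smtpd_client_restrictions =
smtpd_helo_restrictions =

# Order matters inside one list:
#  1. reject_unauth_destination comes before any table that can return
#     OK; otherwise an OK result would authorize relaying.
#  2. check_recipient_access: OK ends this list for that recipient only.
#  3. check_client_access: reached only for recipients not whitelisted.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/recipient_whitelist,
    check_client_access cidr:/etc/postfix/client_blacklist.cidr

# /etc/postfix/recipient_whitelist  (constructed; rebuild with postmap)
postmaster@example.com    OK
abuse@example.com         OK

# /etc/postfix/client_blacklist.cidr  (constructed documentation ranges)
192.0.2.0/24        REJECT Client network blocked
198.51.100.17/32    REJECT Client address blocked
```

An OK from one restriction list does not skip the other lists, so the whitelist and the blacklist have to sit in the same list for the exemption to work.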
