On 25/12/2021 14:45, Wietse Venema wrote:
Lefteris Tsintjelis:
I am trying to find more info about how delay rejects work and more
specifically how they are evaluated in case of multiple rejections when
delay rejects are on. Are all restrictions evaluated until RCPT TO in
case of multiple rejects? Do some restrictions have priority over others
if more than one rejection is found? Can the restriction order change in
case of multiple rejections?
http://www.postfix.org/postconf.5.html#smtpd_delay_reject
http://www.postfix.org/SMTPD_ACCESS_README.html
I have found the above. Is there anything else I can look into?
The order of evaluation:
client restrictions before
helo restrictions before
sender restricttions and so on.
There is no 'priority'.
That is the impression I got. When delay rejects are on, in case of
multiple rejections, the final rejection reason appears to always be the
same even if a client rejection precedes a helo one for example(?). As
much as delay rejects have some benefits, this can be a problem and
possibly a drawback in some cases. I get the impression that all
restrictions have to be evaluated(?) for example before the RCPT TO and
this can consume more resources than simply rejecting based on the first
reject.
Also, in case of sasl, when I turn the delays on the final rejection
reason is always authentication failure even though a few more
rejections precede and apply that one and that may not be a very good thing.
There is no evaluation after 'reject'.
Postfix documentation does not cover things that Postfix does not
do, such as evaluation after reject, or restriction prioritization.
