Today we stumbled over a postfix behaviour that was quite unexpected for us.
we had in main.cf smtpd_client_restrictions = check_helo_access pcre:/etc/postfix/helo_access.pcre,regexp:/etc/postfix/helo_access.rege x so 2 access maps for helo but in "wrong" restriction. Postfix evaluated the first map (pcre) correclty in HELO State and tested the provided helo name. But the second map was used to fire in CLIENT state. So for the 2nd map postfix checked the PTR of the client. By using twice check_helo_access with just one map per line (although still in the wrong restriction) both maps were used for HELO only. Also putting the check_helo_access (all on one line) into the correct restriction "smtpd_helo_restrictions" solves the "issue" I'm fully aware that the main problem is that we placed a HELO check in the client_restrictions but still the observed behaviour was quite un- expected for us. One map in the correct state and the other in the wrong one? Does not sound like postfix ;-) We use postfix 3.5.6 Cheers and have a good one tobi
