Reading at http://www.postfix.org/MILTER_README.html, and wondering what 
results from Postfix interacting with multiple milters, we see, paraphrasing, 
in part:

1) There can be more than one Milter application.
2) Milters "are applied in the order [as] specified".
3) "The first Milter application that rejects a command will override the responses 
from other Milter applications."

Questions:
What is the meaning of the phrase "rejects a command"?
What is the meaning of the phrase "override the responses"?
What is the meaning of the phrase "in the order specified"?

At first glance, this appears to say that any milter, in the list of milters, which fails 
to function properly will "override the responses from other", presumably still 
properly working, milters, leaving Postfix in some confused, unknown state.

But then, that interpretation seems to make no sense.

Reading further at https://github.com/avar/sendmail-pmilter/blob/master/doc/milter-protocol.txt, "THE SENDMAIL MILTER 
PROTOCOL, VERSION 2", it seems that the milter protocol produces a sequence of "Accept/reject action" responses 
from each milter.  I might then infer that the phrase "reject a command" is a "term of art" with respect to 
the milter protocol, and not a reference to any kind of generic "connection failed" response from a milter.

But, so far, that additional knowledge is not of much help in understanding the following 
phrase "override the responses".

Reading further, under "Response Codes", it appears that an "accept/reject action" 
response from a milter is only one type of possible response from a milter.  Another possible milter 
response, for instance, is a "modification action" response, which might modify the set of mail 
headers, or modify the body of the message, or might suggest that the MTA itself modify the mail or dispose 
of the mail in a certain way.

So, then, I might infer that the phrase "override the responses" applies *only* to any of a set of possible 
"reject action" responses from a sequence of milter interactions, by Postfix, implying that a "reject" from 
any milter means that Postfix will "reject" a message in some "milter_default_action" parameter manner.

But still, that interpretation is inconsistent with the phrase "reject a command", in the context of the milter protocol, since this interpretation presumes 
that "reject" refers to a *response* from a milter with respect to the mail message itself, and *not* "reject" referring to "a command" 
from Postfix, in the phrase "reject a command", presumably a command *from* Postfix, *to* the milter, where "THE SENDMAIL MILTER PROTOCOL, VERSION 2" 
says expressly "The milter program sends responses when (and only when) specified by the particular COMMAND code sent by the MTA" - the emphasis on the word 
"command" added here.  So, the milter "rejecting" a mail message, as opposed to the milter rejecting a command from Postfix.

Should the Milter Readme say, instead, "Where any Milter application generates any kind of "reject action" 
response, that "reject action" response will override any "accept action" or "modification action" 
response from any of the other Milter applications"?

Nevertheless, presuming that that interpretation is correct, and that there is an error 
in language in the "Milter Readme", that leaves open another question.

What is the effect of including multiple milters, "in the order specified", when *no* milter 
produces any kind of "reject action" response?  In particular, what is the effect of multiple 
"modification action" responses from multiple milters?

For instance, especially, where there are multiple DKIM signing milters 
provided, is the result simply that *all* milters will add DKIM headers to a 
mail message?

And then, what would be the different effects, applying a DKIM "signature" and a DKIM "verification"?  In particular, with the 
"SMTP-Only Milter applications", a mail message might be an outgoing message, from the "submissions" port 465, or instead, the 
mail message might be an incoming message, from the "smtp" port 25.  Presumably, an incoming message should be "verified", and an 
outgoing message should, instead, be "signed".

As I understand, DKIM "signing" and "verification" are distinct processes.  Of course, it is also possible to 
distinguish a mail message that has *no* DKIM signature, and then "sign" such a mail message, from a mail message that already 
*has* a DKIM signature, and then, instead, "verify" that mail message.  There are other ways to distinguish "incoming" 
and "outgoing" mail messages, but it is not immediately apparent whether a DKIM milter is being provided with that information, 
and generally, if a DKIM milter will always have sufficient information to make that distinction.

Does Postfix inform every milter whether mail is incoming or outgoing?  Or, is each milter required 
to "know", by itself, its own "local" domain?

Supposing that a DKIM milter might note whether a DKIM signature already exists 
in a mail message, then presumably, the effect of Postfix having two DKIM 
milters might be to either:

A) first add a signature header, and then add a verification header, to *any* 
message, whether incoming or outgoing, if both, that message had no DKIM 
signature, and that Postfix were to, first, submit the unmodified message to 
one DKIM milter, and second, submit that *modified* message to any subsequent 
DKIM milter, or

B) If Postfix only ever submits the *same exact* incoming or outgoing message to each of several 
DKIM milters, and if each DKIM milter were to distinguish "signing" and 
"verification" actions by whether the mail message did, or did not, already have a DKIM 
signature, then the result would be that either two DKIM signature headers are added, or that two 
DKIM verification headers are added, one from each of, say, two DKIM milters.

Would it be correct to suppose that *each* milter receives the *same exact* 
incoming or outgoing mail message from Postfix, and that Postfix then applies 
or accepts the *combination* of each mail message modification, from each of 
several milters?

Or, instead, does the phrase "in the order specified" imply that any subsequent 
milter only receives a version of any incoming or outgoing mail message *as it may have 
been already modified, or directed to be modified*, by any preceding milter?

And, if there are two DKIM milters, and one is set to "only sign", and another is set to "only verify", and 
"verify" is in order *before* "sign", together, might they still "do the right thing", for both 
incoming and outgoing messages, not verify if there is no signature, and not sign if a signature already exists?  Or, is there a 
possibility that unsigned incoming mail might receive a local signature before delivery?
