|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ACL oddness
From: mouss (usebsd
free.fr)
Date: Mon Jul 03 2006 - 16:57:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Clymer wrote:
> On Sat, 2006-07-01 at 13:47 +0200, Magnus Bäck wrote:
>
>>> ----------------------------------------
>>> Debugging output from an attempted delivery of an email with To:
>>> someonefoo, Cc: someoneelsefoo
>>> ----------------------------------------
>>>
>> And what do the logs look like when the message is accepted?
>>
>
> This is a successful delivery:
>
> http://zettazebra.com/files/successful_delivery.log
>
>
>> [...]
>>
>>
>>> smtpd_data_restrictions = permit_mynetworks,
>>> check_recipient_access pcre:/etc/postfix/access/recipient_whitelist,
>>> check_sender_access pcre:/etc/postfix/access/sender_whitelist,
>>> check_client_access pcre:/etc/postfix/access/client_whitelist,
>>> check_client_access pcre:/etc/postfix/access/client_blacklist,
>>> reject_multi_recipient_bounce,
>>> reject_unauth_pipelining,
>>> reject_unauth_destination
>>>
>> check_recipient_access or reject_unauth_destination in
>> smtpd_data_restrictions does not make sense. And why put
>> check_sender_access and check_client_access restrictions
>> here?
>>
>>
>
> Because the access checks only apply within each smtp_*_restrictions
> context. I've got to whitelist in every context if I want to whitelist
> at all. Maybe I'm just doing it all wrong. Any suggestions?
>
I have one (suggestion:). remove all your smtpd_data_restrictions except
reject_unauth_pipelining. then put all the other ones in
smtpd_recipient_restrictions.
You can remove reject_multi_recipient_bounce. IMHO the doc that says
"this should never happen" is not correct. The null sender address is
not only for bounces. real life examples have been posted by Marc
Martinec on this list.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]