Re: Comprehension question on smtpd_*_restrictions and access tables

From: Kai Fürstenberg (postfixfuerstenberg.ws)
Date: Thu Feb 01 2007 - 23:54:47 CST


Noel Jones wrote:
> At 06:58 AM 2/1/2007, Kai Fürstenberg wrote:
>> But what about the "OK"-action in access tables? I always heard (and
>> read) that, when a restriction receives an OK from an access table,
>> the mail is accepted.
>
> The mail skips from that smtpd_*_restrictions section to the next, the
> sections are always evaluated in the order documented regardless of the
> order in main.cf. Within each section, restrictions are evaluated in
> the order listed. The default empty value for smtpd_{client, helo,
> sender, data, end_of_data}_restrictions is morally equivalent to
> "permit". One can put just "permit" in each of these sections and have
> no effect on mail processing.
> The default value for smtpd_recipient_restrictions is
> "permit_mynetworks, reject_unauth_destination" which is what prevents
> one from being an open relay. A bare "permit" is not allowed here.
>
> Simplification:
> smtpd_recipient_restrictions is for relay control, and optionally for
> UCE controls.
> All the other smtpd_*_restrictions sections are for UCE controls and
> cannot allow relaying.
>
>> E.G.:
>> main.cf:
>> smtpd_client_restrictions =
>> check_client_access hash:/etc/postfix/access
>> reject
>> smtpd_recipient_restrictions =
>> reject
>>
>> /etc/postfix/access:
>> 10.0.0.1 OK
>>
>> When the client 10.0.0.1 connects to Postfix, is he allowed to relay
>> mail through postfix, because of the OK in the access table, or does
>> this only take effect on smtpd_client_restrictions and the mail will
>> be rejected because of the smtpd_recipient_restrictions?
>
> In the above example, all mail will be rejected because of the
> smtpd_recipient_restrictions settings. EACH smtpd_*_restrictions
> section is evaluated for EVERY message. Each section must evaluate to
> either "permit", "OK", or DUNNO (or no answer) for mail to be accepted.
>

Thanks for the detailed explanation, Noel. It's clear now.

Kai
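
The evaluation rules Noel describes (every section evaluated for every message, in a fixed order; an OK or permit only ends the current section; a REJECT ends the whole decision; an empty section behaves like permit) are easy to get wrong when reasoning about an access table. The following Python model is an added example, not Postfix code and not part of the original thread: it implements just those rules for a handful of restriction names and runs Kai's configuration through them. The network ranges, local domain, access-table contents and session data are constructed for the example. One caveat not covered by the 2007 reply: since Postfix 2.10, relay control has its own list, smtpd_relay_restrictions, evaluated just before smtpd_recipient_restrictions; the model omits it, and it also ignores smtpd_delay_reject, which only changes at which SMTP command a rejection is reported, not the outcome.

```python
"""Toy model of how Postfix smtpd evaluates its smtpd_*_restrictions lists.

Added example, not Postfix code. It models only what the reply above
describes: every section is evaluated for every message, in the fixed order
below; within a section, OK/permit ends that section, REJECT ends the whole
decision, DUNNO moves on to the next restriction; an empty section, or
running off the end of one, behaves like permit. Only a few restriction
names are implemented. Networks, domains and table contents are constructed.
"""
import ipaddress

# Postfix evaluates the sections in this order regardless of main.cf order.
SECTION_ORDER = (
    "smtpd_client_restrictions",
    "smtpd_helo_restrictions",
    "smtpd_sender_restrictions",
    "smtpd_recipient_restrictions",
    "smtpd_data_restrictions",
    "smtpd_end_of_data_restrictions",
)

# Defaults as described in the reply: every section empty except recipient.
DEFAULTS = {s: [] for s in SECTION_ORDER}
DEFAULTS["smtpd_recipient_restrictions"] = [
    "permit_mynetworks", "reject_unauth_destination"]

# Constructed stand-ins for the mynetworks and mydestination parameters.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]
MYDESTINATION = {"example.com"}


def _table_action(action):
    """Reduce an access-table action ('OK', 'REJECT text', ...) to its verb."""
    verb = action.split()[0].upper()
    return verb if verb in ("OK", "REJECT", "DUNNO") else "DUNNO"


def evaluate_restriction(name, session, access_tables):
    """Return 'OK', 'REJECT' or 'DUNNO' for a single restriction."""
    client = ipaddress.ip_address(session["client"])
    if name in ("permit", "OK"):
        return "OK"
    if name == "reject":
        return "REJECT"
    if name == "permit_mynetworks":
        return "OK" if any(client in n for n in MYNETWORKS) else "DUNNO"
    if name == "reject_unauth_destination":
        domain = session["recipient"].rpartition("@")[2].lower()
        return "DUNNO" if domain in MYDESTINATION else "REJECT"
    if name.startswith("check_client_access "):
        table = access_tables[name.split(None, 1)[1]]
        return _table_action(table.get(session["client"], "DUNNO"))
    raise ValueError("restriction not modelled: %s" % name)


def evaluate_section(restrictions, session, access_tables):
    """First OK or REJECT wins; running off the end is DUNNO (i.e. permit)."""
    for name in restrictions:
        result = evaluate_restriction(name, session, access_tables)
        if result != "DUNNO":
            return result
    return "DUNNO"


def smtpd_decision(main_cf, session, access_tables):
    """Return ('ACCEPT', None) or ('REJECT', section_that_rejected).

    An OK in one section only finishes that section; the next section is
    still evaluated, so a client-level OK cannot by itself grant relaying.
    """
    for section in SECTION_ORDER:
        restrictions = main_cf.get(section, DEFAULTS[section])
        if evaluate_section(restrictions, session, access_tables) == "REJECT":
            return ("REJECT", section)
    return ("ACCEPT", None)


# Kai's configuration from the question, expressed as Python data.
KAI_MAIN_CF = {
    "smtpd_client_restrictions": [
        "check_client_access hash:/etc/postfix/access", "reject"],
    "smtpd_recipient_restrictions": ["reject"],
}
KAI_TABLES = {"hash:/etc/postfix/access": {"10.0.0.1": "OK"}}

if __name__ == "__main__":
    session = {"client": "10.0.0.1", "recipient": "someone@elsewhere.net"}
    print(smtpd_decision(KAI_MAIN_CF, session, KAI_TABLES))
    # -> ('REJECT', 'smtpd_recipient_restrictions')
    print(smtpd_decision({}, session, {}))
    # -> ('REJECT', 'smtpd_recipient_restrictions')
```

Running it shows the two cases from the thread: with Kai's main.cf the listed client passes the client section on the access-table OK and is then rejected by the recipient section, while an unlisted client is already rejected by the trailing "reject" in the client section. With the default (empty) main.cf the client-level OK still does not allow relaying to a foreign domain, because permit_mynetworks and reject_unauth_destination run in the recipient section regardless.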