From: Rob Tanner (rtannerlinfield.edu)
Date: Fri Jun 26 2009 - 01:40:32 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/25/09 10:16 PM, "Victor Duchovni" <Victor.Duchovnimorganstanley.com>
wrote:

> On Thu, Jun 25, 2009 at 10:36:09PM -0400, Sahil Tandon wrote:
>
>>> IIRC, the instance attribute identifies a mail transaction and is assigned
>>> before the queue-id.
>>
>> My bad reading of src/smtpd/smtpd_check.c, then. But does that mean an
>> instance can exist *before* the first recipient is accepted? For context:
>> http://www.irbs.net/internet/postfix/0412/0896.html
>
> Yes. An instance (transaction) id is assigned at "MAIL FROM:" time,
> provided the "MAIL" command iis not rejected.

Problem is that none of that actually answers my original question about why
I'm receiving some requests with no instance attribute. Here's the
pertinent bit from main.cf:

smtpd_helo_restrictions =
smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    check_policy_service inet:127.0.0.1:9250
    hash:/etc/postfix/protected_destinations,proxy:ldap:limittag
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_invalid_hostname
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    check_client_access hash:/etc/postfix/client_checks

I never found it useful to separate smtpd restrictions (which may be wrong).
Since I am just listening and not yet actually implementing policies, I had
the check service first so that every message generates a request. In
actual production, the policy checks will follow after the rejects. So the
question remains, how do I interpret those requests that lack the instance
attribute?

Thanks.

Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon
503-883-2558

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]