Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Magnus Bäck (magnusdsek.lth.se)
Date: Sun Aug 22 2010 - 10:37:50 CDT
On Sunday, August 22, 2010 at 17:26 CEST,
Stan Hoeppner <stanhardwarefreak.com> wrote:
> Magnus Bäck put forth on 8/22/2010 10:04 AM:
> > A regexp match will cause the reject_unknown_helo_hostname
> > restriction to be evaluated. If it indeed results in a
> > rejection the mail will be rejected no matter what.
> That's not necessarily true. It depends on the order of his
> smtpd_*_restrictions and whether he's using delayed evaluation.
> If he's using the multiple section restrictions style with delayed
> eval it's possible he may have an "OK" in a later table that causes
> the mail to be accepted even after the regexp check returned REJECT.
No. If smtpd_helo_restrictions returns REJECT nothing can save the
email. smtpd_delay_reject does not affect *how* Postfix evaluates
restrictions, only *when*. Whitelisting only takes place within the
same restriction list, i.e. an OK in smtpd_helo_restrictions only
skips rejections listed further down in smtpd_helo_restrictions.