Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Thu Oct 28 2010 - 14:06:26 CDT
On Thu, Oct 28, 2010 at 08:42:27PM +0200, Ansgar Wiechers wrote:
> On 2010-10-28 Jeroen Geilman wrote:
> > On 10/28/2010 06:04 PM, Robert Fantini wrote:
> >> smtpd_recipient_restrictions =
> >> permit_mynetworks,
> >> permit_sasl_authenticated,
> > You need to swap those two to be able to send authenticated mail from
> > outside your network.
> Huh? Please elaborate.
Nothing to elaborate, "permit_mumble" restrictions commute, the only
possible difference is performance. If one is inclined to fine-tune
lookup performance, of two equal cost criteria, the one that permits
more legitimate traffic should be listed first. If a particular
restriction is more costly to evaluate (lookup latency, CPU time, ...)
it should generally be listed after cheaper ones when the order is
In this case, the "permit_sasl_authenticated" just checks internal
memory state, while permit_mynetworks may consult file or DB tables,
so in some cases putting the SASL check first is slightly more performant.
It is very unlikely that the order actually matters, the mynetworks lookup
would have to be particularly slow and the SASL user traffic very high.