Loading ...
Sorry, an error occurred while loading the content.

292246Re: dictionary-attack

Expand Messages
  • Noel Jones
    Mar 27, 2013
    • 0 Attachment
      On 3/27/2013 10:07 PM, Matthew Hall wrote:
      > One other question here. So, if I have a host which matches
      > permit_sasl_authenticated, but also matches one of the rejections
      > present in check_reverse_client_hostname_access, but
      > permit_sasl_authenticated comes first in recipient_restrictions, then
      > it's still going to work right, because the first rule in the chain
      > wins, correct? Just want to be sure I parsed the documentation
      > correctly.

      Yes, first match wins.


      - for the purpose of this discussion, we'll treat "OK" and "permit"
      as interchangeable.

      - the smtpd_*_restrictions are executed in the order:
      smtpd_relay_restrictions (if your postfix supports this)

      You might notice this is the same order as an SMTP transaction.
      Details here: http://www.postfix.org/OVERVIEW.html

      - within each smtpd_*_restrictions section, restrictions are
      executed in exactly the order you specify.

      - first match wins

      - any REJECT/DEFER action takes effect immediately; all subsequent
      smtpd_*_restrictions are skipped.

      - each smtpd_*_restrictions section must resolve to "permit" (or
      empty) to accept mail. A "permit" in one smtpd_*_restrictions
      section is not inherited by the next section.

      - special case -- access(5) documents several "OTHER ACTIONS" other
      than OK/REJECT. These actions stop processing of that single access
      table and skip to the next rule within the same smtpd_*_restrictions
      section. DEFER_IF_PERMIT and DEFER_IF_REJECT are also treated this
      way; they don't take effect until a REJECT or (final) PERMIT
      decision is made.

      -- Noel Jones
    • Show all 48 messages in this topic