|Main Archive Page > Month Archives > postfix-users archives|
On Fri, Jun 24, 2011 at 08:12:28PM -0700, Rich Wales wrote:
> In http://www.postfix.org/postconf.5.html#smtpd_client_restrictions, I
> read that "for safety", permit_dnswl_client and permit_rhswl_client are
> silently ignored when they would override reject_unauth_destination.
That is ignored in the context of a "RCPT TO" command (thus in all of
the top-level restriction classes when smtpd_delay_reject = yes) for a
recipient that would fail "reject_unatuh_destination". For such a
recipient do you really need DNSWL whitelisting? Normally, clients
allowed to send outbound mail are required to present SASL credentials,
or be in mynetworks, and then DNSWL entries are not really relevant.
> I understand why this is a good idea when a whitelist "permit" operation
> appears in smtpd_recipient_restrictions. But does this "silent ignoring"
> also happen even if the whitelist "permit" operation is located in
> smtpd_client_restrictions, while the reject_unauth_destination is in
> smtpd_recipient_restrictions? It seems unnecessary and confusing to
> ignore the whitelist operation in this case (unless there is some subtle
> cause for concern that I'm overlooking).
Provided the recipient is not remote, the DNSWL is not ignored.