--On Friday, April 15, 2011 1:45 AM +0200 Mark Martinec
<[email protected]> wrote:
The magic is not in a regex (which matches everything which
reaches it), but in the order of rules in smtpd_sender_restrictions.
Remember that a FILTER in a matching access map just makes its
argument overlay the content_filter setting. The last FILTER
triggering has the final say (i.e. wins).
So the tag_as_originating.re places amavisfeed:[127.0.0.1]:10026
into a content_filter for everybody first.
Then smtpd_sender_restrictions proceeds to permit_mynetworks,
permit_sasl_authenticated and permit_tls_clientcerts. If any
of these three rules match, the search stops here and the
amavisfeed:[127.0.0.1]:10026 remains in content_filter.
If, however, none of the tree rules identifying local nets
or autheticated roaming users match, then the search reaches
the 'check_sender_access regexp:/etc/postfix/tag_as_foreign.re',
which overlays its cargo into a content_filter, which ends up
being amavisfeed:[127.0.0.1]:10024. This happens for any
inbound or nonauthenticated client - which is exactly what we
need (assuming amavisd has a policy bank with originating=>1
hanging on a TCP port 10026.
Thanks, that is a great explanation. :)
Regards,
Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
