Victor Duchovni:
> On Wed, Mar 18, 2009 at 12:56:48PM -0400, Wietse Venema wrote:
> > /dev/rob0:
> > > Some comments I would add:
> > >
> > > 1. I consider it best practice to use "permit_auth_destination" rather
> > > than "OK" for whitelisting. That's an extra safety check in case you
> > > accidentally put smtpd_recipient_restrictions in the wrong order.
> >
> > That is a good point. I wonder how much would break with
> >
> > /etc/postfix/main.cf
> > restriction_classes = ok [... other names ...]
> > ok = permit_auth_destination
>
> Well, "check_client_access" and "check_recipient_access" may not work
> correctly at sites where these are used to permit access for additional
> clients or to additional recipients. Should be safe in most cases.
I just checked the source, and it's currently not possible to
override built-in names with restriction_classes.
Both access(5) maps and smtpd_mumble_restrictions will try the
built-in names first.
It does simplify support, though.
Wietse
