Ivan Ionut:
> Thx, but I noticed that there is only for cidr...and i want for
> hosts/domains too.
If you want client name/domain based policies, don't use postscreen,
use smtpd_mumble_restrictions instead.
An smtpd process can do complex things such as verifying fully-confirmed
forward/reverse DNS for clients in arbitrary domains, and making
nuanced decisions based on the combination of client, sender, and
recipient information.
postscreen is designed to answer only one question: "is this a
spambot". That is completely orthogonal to the question of whether
or not you like a client hostname.
postscreen cannot afford doing complex things. It must be able to
handle many more (like 10 times more) clients than hundreds of smtpd
processes combined can handle.
postscreen has to make a quick decision based on the client IP
address which is guaranteed to be available, and queries only the
domains listed in postscreen_dnsbl_sites, which are guaranteed to
respond quickly. postscreen WILL NOT query other domains because
there are no response time guarantees.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
