On 2023-11-11 at 12:26:18 UTC-0500 (Sat, 11 Nov 2023 17:26:18 +0000)
Matthias Nagel via Postfix-users <matthias.h.na...@posteo.de>
is rumored to have said:
Hello all,
I am running Postfix 3.8.1. Postfix serves port 25 for incoming mail
from other MTAs and port 587 for authenticated MUAs.
Postfix is supposed to check SPF for mails from other MTAs on port 25,
but not for mails from authenticated MUAs on port 587.
To this end, there is a SPF check inside „recipient_restrictions“,
but authenticated clients are already permitted by an early
„permit_sasl_authenticated“ inside „relay_restrictions“.
According to my understanding, Postfix should stop evaluation of the
access rules as soon as a final decision has been made. I thought,
Postfix evaluates
1. client restrictions
2. helo restrictions
3. sender restrictions
4. recipient restrictions
5. relay restrictions
6. data restrictions
7. end-of-data restrictions
in that order until either a final PERMIT, DENY or DEFER is found.
Nope. Review the restriction list docs. PERMIT only short-circuits the
current restriction list. Later restriction in the same list are
skipped, but later lists are still run. DENY or DEFER acts immediately.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
