/dev/rob0:
> The postconf(5) manual entry for postscreen_whitelist_interfaces
> includes this text:
>
> "When postscreen(8) listens on both primary and backup MX addresses,
> the postscreen_whitelist_interfaces parameter can be used to disable
> whitelisting on backup MX addresses. With this configuration,
> postscreen(8) denies whitelisting status to clients that connect only
> to backup MX addresses, and prevents them from talking to a Postfix
> SMTP server process."
postscreen_whitelist_interfaces matters only for clients that are
not yet whitelisted (or that have expired).
Wietse
> The word "only" in there implies that the WHITELIST VETO does not
> occur if the host had already passed the after-220 tests on the
> primary MX IP address (that is, the addresses not excluded from
> postscreen_whitelist_interfaces.)
>
> It's making sense now, but I'm going to go ahead and post this for
> confirmation. The client is already whitelisted by having hit the
> regular IP address, so we'll accept mail from it on the excluded
> address[es]. Right? WHITELIST VETO only applies to hosts which are
> not already in the whitelist.
>
> This feature discussion came up when Wietse figured out the way to
> avoid the "greylisting" pain of the after-220 tests. Can this be
> added to the POSTSCREEN_README?
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
>
>
