/dev/rob0:
> The postconf(5) manual entry for postscreen_whitelist_interfaces
> includes this text:
>
> "When postscreen(8) listens on both primary and backup MX addresses,
> the postscreen_whitelist_interfaces parameter can be used to disable
> whitelisting on backup MX addresses. With this configuration,
> postscreen(8) denies whitelisting status to clients that connect only
> to backup MX addresses, and prevents them from talking to a Postfix
> SMTP server process."

postscreen_whitelist_interfaces matters only for clients that are not
yet whitelisted (or that have expired).

	Wietse

> The word "only" in there implies that the WHITELIST VETO does not
> occur if the host had already passed the after-220 tests on the
> primary MX IP address (that is, the addresses not excluded from
> postscreen_whitelist_interfaces.)
>
> It's making sense now, but I'm going to go ahead and post this for
> confirmation. The client is already whitelisted by having hit the
> regular IP address, so we'll accept mail from it on the excluded
> address[es]. Right? WHITELIST VETO only applies to hosts which are
> not already in the whitelist.
>
> This feature discussion came up when Wietse figured out the way to
> avoid the "greylisting" pain of the after-220 tests. Can this be
> added to the POSTSCREEN_README?
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
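
The behaviour confirmed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model in which the interface restriction is consulted only for clients with no valid whitelist entry. The class, the addresses, the TTL and the "FAIL" label are assumptions made for illustration; the model also ignores that a session which passes after-220 tests is not handed off in that same session.

```python
# Simplified model of the whitelisting decision discussed above (not Postfix source).
from dataclasses import dataclass, field

PRIMARY_MX = "192.0.2.1"    # constructed address, allowed to whitelist
BACKUP_MX = "192.0.2.2"     # constructed address, excluded from whitelisting
CLIENT = "198.51.100.7"     # constructed remote SMTP client


@dataclass
class PostscreenModel:
    whitelist_interfaces: set                   # local addresses where whitelisting is permitted
    ttl: int = 3600                             # assumed cache lifetime in seconds
    cache: dict = field(default_factory=dict)   # client IP -> expiry timestamp

    def connect(self, client, local_addr, now, passes_tests=True):
        """Return the model's verdict for one connection."""
        expiry = self.cache.get(client)
        if expiry is not None and expiry > now:
            # Already whitelisted: the interface restriction is not consulted.
            return "PASS OLD"
        self.cache.pop(client, None)            # drop an expired entry, if any
        if local_addr not in self.whitelist_interfaces:
            # Not whitelisted and on an excluded address: no whitelist entry,
            # and the client is not handed to an SMTP server process.
            return "WHITELIST VETO"
        if not passes_tests:
            return "FAIL"                       # label used only by this model
        self.cache[client] = now + self.ttl
        return "PASS NEW"


def demo():
    ps = PostscreenModel(whitelist_interfaces={PRIMARY_MX})
    return [
        ps.connect(CLIENT, BACKUP_MX, now=0),       # unknown client, backup only
        ps.connect(CLIENT, PRIMARY_MX, now=10),     # passes tests on primary
        ps.connect(CLIENT, BACKUP_MX, now=20),      # now whitelisted, backup accepted
        ps.connect(CLIENT, BACKUP_MX, now=5000),    # entry expired, veto applies again
    ]


if __name__ == "__main__":
    print(demo())
```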