On Thu, Oct 08, 2015 at 02:56:37AM +1100, Voytek wrote:
> > With Berkeley-DB tables, updated tables are only picked up by smtpd
> > when a client disconnects and a new client connects.
> >
> > So if a client was hanging on to a single connection and sending
> > lots of messages back to back without disconnecting, it might be able to
> > continue despite table changes.
>
> so, seeing as I didn't see anymore connection from that IP after Postfix
> restart, that would tend to confirm above, I think ?
No. Confirmation would be looking at the logs of the ongoing mails
*before* the restart and seeing whether all the mail came in over
a single connection (same pid, no per-connection "connect from" or
"disconnect from" log entries for that pid between "client="
per-queue-file log entries).
> > Otherwise, you may be better off with SQL or LDAP tables, which can
> > change in real time.
>
> my users/domain are in MySQL - but, again, if I understand it correctly.
> on a single connection sceanrio, that wouldn't help ?
What would help is putting the "check_sasl_access" table in SQL.
> I should've stopped/restarted immediately...
No, instead put your access table in SQL (possibly CDB would work
too, but I'm not sure), that way you don't need reload or restart.
--
Viktor.
