Mono DHS:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> Hello all,
>
> RFC 5321, in section 4.1.1.1, states that a valid argument to the
> EHLO command is either a 'Domain' or an 'address-literal'.
>
> Postfix allows the adminstrator to selectively control access to
> the SMTP server either by 'Domain' via the check_helo_access ,
> the check_helo_mx_access or check_helo_ns_access tables,
> or by the IP addresses resolved from that 'Domain'
> via check_helo_a_access tables.
>
> Since 'address-literal's are legal arguments for the EHLO command,
> which of the check_helo_access or check_helo_a_access tables
> are appropriate to control access to the SMTP server based on
> 'address-literal's, as opposed to the IP addresses resolved
> from 'Domain's?
There is a comment in the function that implements check_xxx_yy_access:
/*
* Treat an address literal as its own MX server, just like we treat a
* name without MX record as its own MX server. There is, however, no
* applicable NS server equivalent.
*/
That is supposed to justify why check_mumble_x_access (for x in
[a, mx]) will search the access map with the address extracted from
[], but check_mumble_ns_access will not.
Wietse
