Use of PERMIT in smtpd restriction lists

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Use of PERMIT in smtpd restriction lists

Dominic Raferd
By (limited) experiment it seems to me that the action 'PERMIT' is acceptable in access tables in smtpd restriction lists (e.g. smtpd_client_restrictions).

As far as I can tell it is undocumented in this context, but I think it is synonymous with 'OK' i.e. any subsequent tests in the same restriction list are skipped/ignored but subsequent restriction lists are processed (and could indeed give a REJECT action).

One practical advantage of using PERMIT instead of OK: a single ip whitelist file can then be used both in postscreen_access_list (where the action 'OK' is not acceptable) and in an smtpd restriction list.

Is this correct - or incorrect / unwise?
Reply | Threaded
Open this post in threaded view
|

Re: Use of PERMIT in smtpd restriction lists

Wietse Venema
Dominic Raferd:
> By (limited) experiment it seems to me that the action 'PERMIT' is
> acceptable in access tables in smtpd restriction lists (e.g.
> smtpd_client_restrictions).
>
> As far as I can tell it is undocumented in this context, but I think it is

The 'permit' action is documented in the access(5) manpage
in the section 'OTHER ACTIONS'.

$ man 5 access | less '+/^OTHER ACTIONS'
OTHER ACTIONS
       restriction...
              Apply    the   named   UCE   restriction(s)   (permit,   reject,
              reject_unauth_destination, and so on).

       BCC user@domain
                ...

Note the action name is case-insensitive, thus PERMIT is the same
as permit.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Use of PERMIT in smtpd restriction lists

Dominic Raferd


On Tue, 22 Oct 2019 at 12:04, Wietse Venema <[hidden email]> wrote:
Dominic Raferd:
> By (limited) experiment it seems to me that the action 'PERMIT' is
> acceptable in access tables in smtpd restriction lists (e.g.
> smtpd_client_restrictions).
>
> As far as I can tell it is undocumented in this context, but I think it is

The 'permit' action is documented in the access(5) manpage
in the section 'OTHER ACTIONS'.

$ man 5 access | less '+/^OTHER ACTIONS'
OTHER ACTIONS
       restriction...
              Apply    the   named   UCE   restriction(s)   (permit,   reject,
              reject_unauth_destination, and so on).

       BCC user@domain
                ...

Note the action name is case-insensitive, thus PERMIT is the same
as permit.

Thanks Wietse for pointing that out. I believe it confirms my understanding.