Thank you for adding if-endif to header and body checks. A report on About.com states that in 2010 there were about 294 billion emails sent per day, 90% of which were spam. With numbers like that, trying to go through and blacklist individual IP addresses or users is a waste of time. Spam through here had become such a nightmare that a few years back I informed all my clients that I was done hosting email. I kept the accounts for the Mrs. and myself active, but there continued to be so much spam and gray mail that we quit checking our accounts.
Recently I've had a couple of hard drives crash on the servers. So in the process of replacing the hard drives and reinstalling PostFix, I stumbled across your if-endif conditional. Experimenting with it, I've been able to close the door to world wide access to my email accounts and only allow certain users by placing whitelisted conditions up front, and blocking everyone else. The REJECT action includes instructions how to bypass the filter:
!/\[Key Word\]/ REJECT "UNAUTHORIZED MAIL. To bypass the spam filter, include the following anywhere in the Subject line: [Key Word]"
If I understand correctly, without the if-endif conditional, the only way to exit header_checks before reaching the end of the file is if a REJECT action is matched. There's no way for me to say "This email is from my wife, so accept the email and exit header_checks immediately":
> If I understand correctly, without the if-endif conditional, the only way to
> exit header_checks before reaching the end of the file is if a REJECT action
> is matched. There's no way for me to say "This email is from my wife, so
> accept the email and exit header_checks immediately":