On 16/10/06, Mike <cbrmike@???> wrote: > Would it be better to do HELO checks in acl_smtp_helo, sender checks in
> acl_smtp_mail, setting a variable in each check indicating pass/fail for
> rejection later in the acl_smtp_rcpt check per-recipient (thus only doing
> the check once), or with various caching, is it just as well to put all
> HELO/MAIL checks in the rcpt acl?
As a general rule: collect data points as soon as they're available,
and implement defensive tactics as soon as you're sure you need them.
So.. this might mean setting a (or some) flags based on HELO
verification, rejecting based on gross transgressions, but use the
flags later in the RCPT acl for finer granularity.
You might want/need to accept mail to postmaster and/or abuse
addresses from most/all clients, for example. Apocryphally, some MTAs
and some spamware are known to misbehave when 5xx'd at HELO time,
could be best to save up the 'deny' until the RCPTs.
