[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Policy "strangeness"

I found that policy checking does not work as expected for me (in
the new .50-s6).  I understand that what previously was called
"relaycustnet" is now replaced by "fulltrustnet", and if I replace
it in my old policy, it works as expected.  But, as far as I understand,
"relaycustnet" is supposed to do "almost" the same as "fulltrustnet",
just in addition check DNS validity of the source and recipient addresses.
For the source address, it does exactly this.  But when it comes to
checking of the recipient address, it acts as if the originating network
was foreign.  To be more specific: if the network where my client machine
is has "fulltrustnet +", I can send mail to <zmailer@nic.funet.fi>, but
if this network has "relaycustnet +" attribute set instead, then "helo"
and "mail from" are happily accepted but on the "rcpt to" I get "policy
rejection on the target address".

My default boilerplate is:

.                       relaycustomer - relaytarget -
[]/0             relaycustomer - relaytarget -

This behavior looks like a bug...  although I am planning to set
"fulltrustnet +" anyway, to speed up operation...