Rick Zeman a écrit :
> [snip]
> smtpd_recipient_restrictions =
> permit_mynetworks
> reject_unauth_destination
> reject_unverified_recipient
> check_recipient_access hash:/etc/postfix/always_allowed
> check_recipient_access hash:/etc/postfix/not_accepted
> check_policy_service unix:private/tumgreyspf
>
> cat /etc/postfix/always_allowed
> abuse@ OK
> postmaster@ OK
> .google.com OK
>
- recipient != client
- ".google.com" is ignored if access is listed in
parent_domain_matches_subdomains (read the do if you don't see why).
but anyway:
- whitelisting any google.com client isn't necessarily a good idea. you
should only whitelist the networks that are in their SPF record.
do yourself (and us) a favour and use:
(BTW .google.com ever used if access isn't listed in
parent_domain_matches_subdomain)
smtpd_recipient_restrictions =
...
permit_unauth_destination
check_client_access cidr:/etc/postfix/dnswl/postfix-permit
...
# mkdir -p /etc/postfix/dnswl
# rsync --times -azv \
rsync1.dnswl.org::dnswl/postfix-permit \
/etc/postfix/dnswl/
# postfix reload
