I'm implementing greylisting on CentOS 5 systems.
These are spools for the actual mailserver/mailbox systems.
Currently we have:
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
reject_unlisted_recipient,
permit_mynetworks,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_rbl_client zombie.dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
permit
All the install documents I've found say to put the check_policy_service
after reject_unauth_destination but looking at this I wonder if it
should go further down on the list. Possibly after
reject_invalid_hostname or reject_non_fqdn_hostname.
In fact how does the above listing look? It has been working for years
but maybe there is a better order or some additional checks that could
be done.
But mostly I'm wondering where I should place the check_policy_service line.
TIA,
Rod
--
