On Thu, Jan 29, 2009 at 03:35:11AM +0100, Thomas wrote:
>
> Or would you add reject_unknown_sender_domain? It is already used in
> "smptp_recipient_restrictions:
>
>
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unknown_recipient_domain permit_sasl_authenticated
> reject_unauth_destination check_recipient_access
> pcre:/etc/postfix/recipient_access
>
> OK, so far?
> Add something? Remove something?
I mentioned that I think you should only use restrictions you
understand. You are asking me to recommend that you use restrictions
you don't understand to achieve objectives you have not described.
I can't honestly recommend anything other than start with the
default:
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_data_restrictions =
and add one primitive at a time, provided:
- You understand what you are adding and why.
- You test each evolutionary step to confirm that your understanding
is correct.
For sufficiently small sites, with a DNS cache not forwarded via the ISP,
it is often enough to add zen.spamhaus.org RBL checks. More sophisticated
checks can be added only as needed and as your experience grows.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
