I'd change this part (from primary MX):
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, permit_mx_backup
by adding check_sender_access hash:/etc/postfix/sender_access
after permit_mx_backup
Note that permit_mx_backup implies permit_auth_destination, so
the above advice won't work.
Far better: Don't use permit_mx_backup and list the proper
domains in relay_domains.
Good idea is to take benefit from RBLs, like zen.spamhaus.org.
Agreed.
--
Noel Jones
