On 2/13/2009 4:23 PM, mouss wrote: >>> smtpd_sender_restrictions = >>> check_recipient_access hash:/etc/postfix/moved-employees,
>> Ah! I never even considered I could put check_recipient_access under >> smtpd_sender_restrictions... but if I can put check_client_access under >> smtpd_recipient_restrictions, why not? :) >> >> Just to clarify: doing the above keeps me from becoming an open relay if >> I typo something in the map, while keeping it under >> smtpd_recipient_restrictions leaves me vulnerable to such an error, is >> that correct? > that's the idea. you may decide to replace the hash with a mysql or a > pcre that returns OK for any domain. > > As I said before, this is not a check to fight spammers, but a check you > want to apply to all mail. Right... One more question... in the above example, you did NOT add redundant permit_mynetworks and permit_sasl_authenticated entries above the check_recipient_access under smtpd_sender_restrictions... is this not necessary? If not, why? Or, when *is* it necessary to add the redundant entries? Sorry for being so dense, just want to make sure I understand this correctly... 'it ain't what you don't know that gets you in trouble, it whats you know for sure that just aint so' -- Best regards, Charles
