Hi again,
what is your opinion for this configuration:
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access,
# reject_unauth_pipelining,
# reject_unknown_client,
# reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client combined.njabl.org,
# reject_rbl_client rbl-plus.mail-abuse.org,
# reject_rbl_client cbl.abuseat.org,
# reject_rbl_client list.dsbl.org,
# reject_rhsbl_sender dsn.rfc-ignorant.org,
permit
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/access_helo,
reject_invalid_hostname,
# reject_unknown_hostname,
reject_non_fqdn_hostname,
# reject_unauth_pipelining,
permit
smtpd_sender_restrictions
reject_non_fqdn_sender,
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access_sender,
check_client_access cidr:/etc/postfix/access_client,
reject_sender_login_mismatch,
# reject_non_fqdn_sender,
reject_unknown_sender_domain,
# reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/access_recipient,
# check_policy_service unix:private/policy,
reject_unknown_recipient_domain,
# reject_non_fqdn_recipient,
# reject_unauth_pipelining,
permit
smtpd_data_restrictions =
reject_unauth_pipelining
I changed the rules this way. Can you help me to tune them better?
I would like to have different sections for client, sender and recipient
restrictions as above. I need to tune these better.
