On Monday, March 16, 2009 at 14:12 CET,
"M. Rodrigo Monteiro" <fale...@rodrigomonteiro.net> wrote:
> > Okay, so move those restrictions above permit_mynetworks. When placing
> > check_sender_access restrictions above reject_unauth_destination in
> > smtpd_recipient_restrictions, you must be very careful not to return
> > OK in that table since that would make you an open relay. If the
> > restriction must apply for clients in mynetworks, I suggest you move
> > the restriction to smtpd_sender_restrictions instead. That way your
> > server cannot turn into an open relay (for that reason, anyway).
>
> Since this server is the gateway for Internet too, how should be
> my smtpd_sender_restrictions, smtpd_recipient_restrictions and
> smtpd_client_restrictions to prevent relay from it, and still
> have the check_*_access working?
Place check_sender_access in smtpd_sender_retrictions, probably
before permit_mynetworks unless you want to exempt local clients
from the checks. As long as smtpd_delay_reject = yes you can place
check_recipient_access in the same place, otherwise you need to keep
them in smtpd_recipient_restrictions (but again, possibly placed
above permit_mynetworks).
--
Magnus Bäck
mag...@dsek.lth.se
