Hi again Matus, oh, now I got it! After your reply, I now have in my master.cf ($mua_*);

submission inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
submissions inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

for both 'submission' and 'submissions'.

And in main.cf, I replaced smtpd_sender* and smtpd_recipient* with:

mua_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unlisted_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    permit

mua_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
    ....
    check_policy_service unix:private/spf-policy,
    permit

I think this is a better approach, if I did it correctly? Could you confirm
please?

Much regards,
Mark.

Matus UHLAR - fantomas via Postfix-users <postfix-users@postfix.org> wrote on
Mon, 5 Feb 2024 at 16:33:

> On 05.02.24 15:46, Mark wrote:
> >Thanks for the idea below. I'm going to try wrapping them in $mua in main.cf.
> >
> >However, you said;
> >
> >"Looking at your smtpd_recipient_restrictions and using reject_rbl_client,
> >you need to override them too."
> >
> >I really didn't get this, by "overriding" could you explain further please
> >where I made a mistake?
>
> all settings like "smtpd_recipient_restrictions" are taken from main.cf,
> unless they are overridden in master.cf like this:
>
> >> >submission inet n - y - - smtpd
> >> >  -o smtpd_sasl_auth_enable=yes
> >> >  -o smtpd_tls_auth_only=yes
> >> >  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
> >> >  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> >> >  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>
>
> so, you override content of settings in main.cf.
>
> Since your smtpd_recipient_restrictions in main.cf:
>
> >> >But I guess most of my rules are happening in main.cf, which is listed
> >> >here;
> >> >
> >> >https://pastebin.mozilla.org/i5tMtPAk
>
> contain number of reject_rbl_client options, it makes sense to override them
> as above:
>
> "-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
>
>
> In short, I have commented out smtpd_sender_restrictions and
> smtpd_recipient_restrictions in master.cf, you better keep them as they are.
>
> >> looking at your smtpd_recipient_restrictions and using reject_rbl_client,
> >> you need to override them too.
> >> I have moved those to postscreen and only use like nonexistent domains,
> >> users, banned domains described above
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Send this email to 100 your friends - let them see what an idiot you are
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>
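
The override rule explained in the quoted reply (a main.cf value applies to a service unless a master.cf "-o name=value" replaces it), as an added Python example that is not part of the original thread: it resolves the effective smtpd_recipient_restrictions per service, expanding $mua_* names from main.cf, and lists submission services whose list still carries reject_rbl_client. The function names and the sample configuration are constructed for illustration, and the parser assumes one entry per service name and "-o" values without spaces.

```python
import re

# Constructed sample input, modelled on the settings quoted in this thread.
MAIN_CF = {
    "smtpd_recipient_restrictions":
        "permit_mynetworks, reject_unauth_destination, "
        "reject_rbl_client zen.spamhaus.org",
    "mua_recipient_restrictions":
        "permit_sasl_authenticated, reject_unauth_destination, "
        "reject_rbl_client zen.spamhaus.org, permit",
}
MASTER_CF = """\
smtp        inet n - y - - smtpd
submission  inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
submissions inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""

def parse_overrides(master_text):
    """Map each service name to its '-o name=value' overrides."""
    services, current = {}, None
    for line in master_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # unindented line starts a new service
            current = line.split()[0]
            services[current] = {}
        if current is not None:        # indented lines continue that service
            services[current].update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def effective(service, param, overrides, main_cf):
    """master.cf override wins, else main.cf; $name is expanded from main.cf."""
    raw = overrides.get(service, {}).get(param, main_cf.get(param, ""))
    raw = re.sub(r"\$\{?(\w+)\}?", lambda m: main_cf.get(m.group(1), ""), raw)
    return [tok for tok in re.split(r"[,\s]+", raw) if tok]

def rbl_on_submission(master_text, main_cf,
                      param="smtpd_recipient_restrictions"):
    """Submission services whose effective list still has reject_rbl_client."""
    overrides = parse_overrides(master_text)
    return sorted(s for s in overrides if s.startswith("submission")
                  and "reject_rbl_client" in effective(s, param, overrides, main_cf))

if __name__ == "__main__":
    print(rbl_on_submission(MASTER_CF, MAIN_CF))
```

On a live server, "postconf -P" prints the "-o" overrides that master.cf sets for each service, which can be compared against the same rule.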