On 9/5/2024 12:45 PM, Noel Jones via Postfix-users wrote:
On 9/5/2024 9:05 AM, Thomas Cameron via Postfix-users wrote:
smtpd_recipient_restrictions =
check_sender_access regexp:/etc/postfix/sender_access
permit_mynetworks
permit_auth_destination
Note permit_auth_destination allows any mail addressed to you. This
effectively bypasses all your nice rbl rules below.
permit_sasl_authenticated
You should probably put
reject_unauth_destination
here.
reject_rbl_client [obfuscated].zen.dq.spamhaus.net=127.0.0.
[2..11]
...
reject_rhsbl_reverse_client
[obfuscated].zrd.dq.spamhaus.net=127.0.2.[2..24]
reject
This final reject on smtpd_recipient_restrictions is unneeded. I
guess that's why you put the permit_auth_destination above. Just
remove both of those.
This is not an exhaustive review of your restrictions, just
something that jumped out at me.
So my overarching question is, am I being dense by rejecting these
spammy domains? My sender_access file looks like this:
It's totally reasonable to reject whole TLDs that you don't expect
to get legit mail from. Same with check_client_access and whole
network blocks. Especially if you're prepared to make exceptions.
-- Noel Jones
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
