At 01:31 PM 4/10/2009, Jorey Bump wrote:
Yes, that would also need to follow the map. I recommend that you
dedicate separate maps to check_sender_access and check_client_access;
combining everything into one map is risky.
Actually it looks like there was a typo there:
> check_client_access hash:/etc/postfix/agencies
> reject_unauth_destination
> check_client_access hash:/etc/postfix/access
since check_client_access was in there twice, and "access" wasn't a
client list. I removed the second one ("agencies" can send mail,
"access" controls who mail can be from).
Huh, check_unknown_sender_domain was also duplicated.
thanks for the input.
Rick
I use the default of
smtpd_delay_reject = yes and organize everything under
smtpd_recipient_restrictions, so the pertinent part looks like this:
smtpd_recipient_restrictions =
...
check_sender_access hash:/etc/postfix/sender
reject_non_fqdn_sender
reject_unknown_sender_domain
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
...
reject_rbl_client ...
The addresses I want to whitelist are in /etc/postfix/sender:
mailer-dae...@their.example.com permit_auth_destination
Note that I'm only allowing delivery to my domains; they don't get relay
privileges.
If you want/need to continue using smtpd_sender_restrictions, you might
need a more elaborate configuration. Otherwise, put it under
smtpd_recipient_restrictions and be done with it.
