Hi all,
I'm not very experienced in dealing with Postfix, unfortunately, and I'm not
sure whether I'm breaking something in my security by applying the following
smtpd_recipient_restrictions etc. (warn_if_reject is for the testing period
only; I will remove it later):

unknown_local_recipient_reject_code = 450
smtp_use_tls = yes
smtpd_use_tls = no
smtpd_tls_key_file = /etc/postfix/TLS/myhost.key
smtpd_tls_cert_file = /etc/postfix/TLS/myhost.crt.selfsigned
smtpd_tls_CAfile = /etc/postfix/TLS/myhost.crt.selfsigned
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes

smtpd_sender_restrictions =
        permit_mynetworks,
        check_sender_access hash:/etc/postfix/sender_checks,

smtpd_recipient_restrictions =
                warn_if_reject check_recipient_access regexp:/etc/postfix/recipient.regexp,
                permit_mynetworks,
                reject_unauth_destination,
                warn_if_reject reject_unknown_sender_domain,
                reject_rbl_client zen.spamhaus.org,
                reject_rbl_client bl.spamcop.net,
                permit
smtpd_helo_restrictions = 
                warn_if_reject reject_invalid_hostname,
smtpd_require_helo = yes
default_destination_concurrency_limit = 10
default_process_limit = 50

In /etc/postfix/sender_checks:
myhost.myfirstdomain.net              REJECT
localhost                 REJECT

In /etc/postfix/recipient.regexp, something like this (the real regexp works OK,
no problem):
!/(^postmaster|^support|^(\+)?[0-9]+)@myseconddomain|(.*)@(myhost\.)?myfirstdomain/ 550 illegal recipient

Questions:
How does check_recipient_access work when no match for a message is found
in /etc/postfix/recipient.regexp: will such a message be considered OK and
sent to the recipient immediately, or will it pass further through the rest
of the chain of rules in smtpd_recipient_restrictions?

Also, I still have no clear understanding of what permit_mynetworks exactly
means in the context of smtpd_recipient_restrictions: is it permission to
send TO any of my networks or to send FROM any of my networks?
(In other words, is "mynetworks" = sender or "mynetworks" = rcpt here?)

The last question ( :) sorry for asking a lot ): can I just silently drop
messages with /etc/postfix/recipient.regexp without sending anything back
to the unsuccessful sender?

Many thanks for any reply!
Tatiana
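
An added example, not part of the original post and not Postfix code: a small Python model of how the posted smtpd_recipient_restrictions chain is walked, showing that a table lookup with no match yields DUNNO and falls through, and that permit_mynetworks tests the client IP. The network ranges and the ".net" domain names are constructed assumptions, and the DNS-based rules (RBL, reject_unknown_sender_domain) are left out.

```python
import ipaddress
import re

# Constructed values, not from the post: networks and full domain names.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"myfirstdomain.net", "myseconddomain.net"}
# Pattern from the post's recipient.regexp; the leading "!" (negation) is
# modelled by rejecting when the pattern does NOT match.
RCPT_RE = re.compile(
    r"(^postmaster|^support|^(\+)?[0-9]+)@myseconddomain|(.*)@(myhost\.)?myfirstdomain",
    re.IGNORECASE)

def check_recipient_access(client_ip, rcpt):
    # No table hit -> DUNNO: no decision, evaluation moves to the next rule.
    return "DUNNO" if RCPT_RE.search(rcpt) else "REJECT"

def permit_mynetworks(client_ip, rcpt):
    # Looks only at the connecting client's IP address, never at the recipient.
    ip = ipaddress.ip_address(client_ip)
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(client_ip, rcpt):
    # Simplified: only checks the recipient domain against LOCAL_DOMAINS.
    return "DUNNO" if rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS else "REJECT"

def evaluate(client_ip, rcpt, warn_only=True):
    """Return (verdict, deciding_rule, warnings); the first OK or REJECT wins."""
    chain = [(check_recipient_access, warn_only), (permit_mynetworks, False),
             (reject_unauth_destination, False)]
    warnings = []
    for rule, warn_if_reject in chain:
        result = rule(client_ip, rcpt)
        if result == "REJECT" and warn_if_reject:
            warnings.append(rule.__name__)   # logged only, treated as DUNNO
            continue
        if result != "DUNNO":
            return result, rule.__name__, warnings
    return "OK", "permit", warnings          # trailing "permit" in the chain

if __name__ == "__main__":
    for ip, rcpt in [("192.0.2.10", "someone@example.org"),
                     ("203.0.113.5", "support@myseconddomain.net"),
                     ("203.0.113.5", "sales@myseconddomain.net")]:
        print(ip, rcpt, evaluate(ip, rcpt), evaluate(ip, rcpt, warn_only=False))
```

With warn_only=False (warn_if_reject removed), the recipient check runs before permit_mynetworks, so in this model a client inside mynetworks is refused when it mails an address outside the two domains.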