Daniel L'Hommedieu a écrit :
> [snip]
> For those who are curious, here is my smtpd_recipient_restrictions:
>
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks,
put
reject_unauth_destination
here. don't play with fire.
> check_sender_access pcre:/etc/postfix/reject_my_domain,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_pipelining,
> reject_unauth_destination,
> reject_rbl_client zen.spamhaus.org
>
> /etc/postfix/reject_my_domain contains:
> /@foo\.net/ 554 You are not from foo.net.
> /@bar\.com/ 554 You are not from bar.com.
> /@oof\.com/ 554 You are not from oof.com.
>
1- you don't need pcre here. hash (or better yet, cdb) is enough. see
the example in my previous post.
2- when using pcre, make sure to "terminate" the expression. use
/@foo\.net$/ ....
otherwise, you would match @foo.networkblahblah.com.
3. do not "hijack" domains. bar.com, ... are valid domains. use:
example.com, example.org, example.net, *.example instead.
> [snip]
