Re: smtpd_restrictions sanity check

Sun, 01 Nov 2009 06:38:33 -0800 

Alex a écrit :
> Hi all,
> 
> Hopefully I don't have the most frequently asked question, but I'm
> spinning my wheels and perhaps followed some bad advice. I hoped
> someone could look over my recipient restrictions to see if I'm making
> some kind of mistake:
> 
> smtpd_recipient_restrictions =
>         reject_invalid_hostname,
>         reject_non_fqdn_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_sender_domain,
>         reject_unknown_recipient_domain,
>         reject_unauth_pipelining,
>         check_client_access hash:/etc/postfix/client_checks,
>         check_recipient_access pcre:/etc/postfix/relay_recips_checks,
>         check_helo_access hash:/etc/postfix/helo_checks,
>         check_sender_access hash:/etc/postfix/sender_checks,
>         check_sender_access hash:/etc/postfix/disallow_my_domain,
>         permit_mynetworks,
>         check_recipient_access pcre:/etc/postfix/recipient_checks,
>         reject_unauth_destination,
>         reject_maps_rbl,
>         permit
> 


smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        permit_mynetworks
        #permit_sasl_authenticated
        reject_unauth_destination
        #
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_unknown_sender_domain
        #
        check_client_access hash:/etc/postfix/client_checks
        check_recipient_access pcre:/etc/postfix/relay_recips_checks
        check_helo_access hash:/etc/postfix/helo_checks
        check_sender_access hash:/etc/postfix/sender_checks
        check_sender_access hash:/etc/postfix/disallow_my_domain
        check_recipient_access pcre:/etc/postfix/recipient_checks
        #
        reject_rbl_client zen.spamhaus.org
        


> I originally had permit_mynetworks further up, but it seems
> client_checks was then being ignored, despite the client not being on
> my network.
> 
> I'm now trying to provide a mail server that is not part of my
> networks to my network.
> 
> I also have a handful of cron scripts that run on this remote network
> that send mail to my network, but with internal hostnames that aren't
> resolvable once they reach my network. Do I just add them to my
> postfix hosts file or is there a way to avoid checking the hostname
> (sender access?) so they aren't rejected with "Sender address
> rejected: Domain not found"?
> 
> Thanks,
> Alex

Reply via email to