Today I downloaded Ralf Hildebrandt's Postfix example and used his 'check_helo_access' example in my configuration. I have not 'reloaded' Postfix yet because I want to make sure that I did not add this in and cause any redundant checks or, worse, break something. Can you guys please review my main.cf and tell me if I added this into the correct sections / order?
Below is the output of my 'postconf -n':

*****START POSTCONF -N*****
address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20480000
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
*****END POSTCONF -N*****

As you can see, I added the 'check_helo_access' in my 'smtpd_recipient_restrictions'. I was wondering if this was the correct section in my main.cf for 'check_helo_access'? I thought this would go in the 'smtpd_helo_restrictions' in my main.cf; however, I just read in "The Book of Postfix" that this trigger applies to the envelope recipient(s), sender, & the HELO/EHLO argument. To me that makes it sound like all checks should be listed under 'smtpd_recipient_restrictions', no?

Let me know what you think from my postconf -n above and, if it's not too much trouble, if anyone can comment on my thoughts on why this particular trigger is listed under the sections discussed in this paragraph.

Thanks for any clarification.
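Added example, not part of the original post: a small Python check that reads 'postconf -n' output and reports which restriction list holds check_helo_access, its position in that list, and which permit entries are evaluated before it. The function names, the SAMPLE text (constructed from the output above) and the argument-prefix rule are assumptions made for this illustration.

```python
import re

# Constructed sample: the smtpd restriction settings from the postconf -n
# output in the post above, one parameter per line.
SAMPLE = """\
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
"""

# The four per-stage lists checked here, in the order Postfix applies them.
STAGES = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
          "smtpd_sender_restrictions", "smtpd_recipient_restrictions")
# Simplification (assumption): restrictions with these prefixes take one argument.
TAKES_ARG = re.compile(r"^(check_|reject_rbl_|reject_rhsbl_)")

def parse_postconf(text):
    """Map parameter name -> value; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = line.partition("=")
            last = last.strip()
            params[last] = value.strip()
    return params

def split_restrictions(value):
    """Split a restriction list on commas/whitespace, keeping arguments attached."""
    tokens, items, i = [t for t in re.split(r"[,\s]+", value) if t], [], 0
    while i < len(tokens):
        n = 2 if TAKES_ARG.match(tokens[i]) and i + 1 < len(tokens) else 1
        items.append(" ".join(tokens[i:i + n]))
        i += n
    return items

def locate(params, name):
    """Report every list that contains `name`, its position, and what runs first."""
    hits = []
    for stage in STAGES:
        items = split_restrictions(params.get(stage, ""))
        for pos, item in enumerate(items):
            if item.split()[0] == name:
                hits.append({"list": stage, "position": pos + 1, "entry": item,
                             "permits_before": [e for e in items[:pos] if e.startswith("permit")]})
    return hits

if __name__ == "__main__":
    for hit in locate(parse_postconf(SAMPLE), "check_helo_access"):
        print(hit)
```

Clients matched by an entry listed under permits_before end evaluation of that list before the HELO table is consulted.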