On Tue, Feb 16, 2010 at 10:46:31PM +0100, Ralf Hildebrandt wrote:

> > smtpd_recipient_restrictions =
> >   permit_mynetworks,
> >   check_client_access hash:/etc/postfix/helo_access,
> >   permit_sasl_authenticated,
> >   reject_unauth_destination,
> >   reject_non_fqdn_recipient,
> >   reject_unknown_recipient_domain,
> >   reject_non_fqdn_helo_hostname,
> >   reject_invalid_helo_hostname
> >   reject_unlisted_recipient,
> >   reject_rbl_client zen.spamhaus.org,
> >   reject_rbl_client bl.spamcop.net
> > 
> > 
> > and my :/etc/postfix/helo_access is
> > 
> > smtp.domaineok.com OK
> > * REJECT
> 
> The key "*" is not defined (man 5 access)
> Are you sure using the HELO is a smart idea?

The OP is not using a HELO check; it is a "check_client_access" check.

> Better:
> 
> smtpd_recipient_restrictions =
>    check_client_access hash:/etc/postfix/smtp.domaineok.com
>    reject
> 
> /etc/postfix/smtp.domaineok.com contains:
> smtp.domaineok.com   OK

This is unreliable in the face of temporary DNS lookup errors. Access
tables that "permit" via client DNS names are discouraged, as mail
is lost when DNS temp-fails.

-- 
        Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.
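
The two points made in this thread (a `*` key is never looked up, and a permit keyed on the client's DNS name fails when the name lookup temp-fails) can be seen in a small model. This is an added example, not Postfix code and not from any poster in the thread. It assumes the lookup order documented in access(5) and the client name "unknown" on a failed lookup. The client addresses and the address-keyed table are constructed for illustration.

```python
# Simplified model of the lookup order access(5) gives for check_client_access:
# client hostname, parent domains, client IP, then the IP with octets stripped.
# Not Postfix source. Hostname table is from the thread; addresses are constructed.

UNKNOWN = "unknown"  # client name Postfix uses when the DNS name lookup fails

def candidate_keys(client_name, client_addr):
    labels = client_name.split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    octets = client_addr.split(".")
    nets = [".".join(octets[:i]) for i in range(len(octets), 0, -1)]
    return names + nets

def check_client_access(table, client_name, client_addr):
    """First matching key wins; DUNNO means the table had no opinion."""
    for key in candidate_keys(client_name, client_addr):
        if key in table:
            return table[key]
    return "DUNNO"

def decide(table, client_name, client_addr):
    """Models 'check_client_access <table>, reject': only OK lets mail through."""
    result = check_client_access(table, client_name, client_addr)
    return "permit" if result == "OK" else "reject"

OP_TABLE = {"smtp.domaineok.com": "OK", "*": "REJECT"}   # from the thread
NAME_TABLE = {"smtp.domaineok.com": "OK"}                 # from the thread
ADDR_TABLE = {"192.0.2.25": "OK"}                         # constructed alternative
CLIENT_ADDR = "192.0.2.25"                                # constructed (TEST-NET-1)

def scenarios():
    return {
        "name table, DNS ok": decide(NAME_TABLE, "smtp.domaineok.com", CLIENT_ADDR),
        "name table, DNS temp-fail": decide(NAME_TABLE, UNKNOWN, CLIENT_ADDR),
        "addr table, DNS temp-fail": decide(ADDR_TABLE, UNKNOWN, CLIENT_ADDR),
        "OP table, other client": check_client_access(
            OP_TABLE, "mail.example.net", "198.51.100.7"),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```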
