On Fri, Mar 26, 2010 at 12:22:55AM +0000, Jamie Griffin wrote: > I'm going to re-read about smtpd_*_restrictions to better understand what > i've done because from what you've said I could improve my configuration but > can i ask quickly, do you mean I can move all of the smtpd restrictions i'm > using into $smtpd_recipeint_restrictions ?
Yes, actually it makes your main.cf much more uncluttered and less error prone. This are my restrictions, which I use on with various servers serving some messages per hour up to severel hundred messages per minute: smtpd_recipient_restrictions = check_recipient_access = btree:/etc/postfix/access_rfc-recipient, # check_client_access = btree:/etc/postfix/access_client, # check_helo_access btree:/etc/postfix/access_helo, # check_sender_access btree:/etc/postfix/access_sender, # check_recipient_access btree:/etc/postfix/access_recipient, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_rhsbl_client blackhole.securitysage.com, check_policy_service unix:/public/postgrey, reject_unverified_recipient, # permit_mx_backup, # reject_unauth_destination, permit The first two lines are really one line, because of an irritating line breaking I made a manual wordwrab. And the last permit is yust for completeness, it is default. For the rest it is mostly copied from the greman book "Das Postfix-Buch" written by Peer Heinlein. The double occurrence of 'check_recipient_access =' assures in the first entry the unconditionally acceptance from emails to postmaster@ or abuse@ to comply with the RFCs 822 and 2142. The second occurence can be used to whitelist some faulty senders I whish to receive. Of course the rbl entries are working for me, but this does not say they do so for you. On my sites I never became aware of problems with NiX SPAM (manitu.net) whilst other people report frequend false positives. > Jamie. Dennis
