Wietse Venema wrote:
For years I have been using the settings:
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    permit
This allows relaying only from "local" clients.
smtpd_client_restrictions =
    permit_sasl_authenticated,
    reject_unknown_address,
    reject_unknown_client,
    reject_unknown_reverse_client_hostname,
    check_client_access hash:/etc/postfix/access,
    reject_rbl_client sbl-xbl.spamhaus.org
This allows everything from SASL-authenticated clients, REGARDLESS of
what follows after permit_sasl_authenticated.
Yes, this is my understanding from the documentation. But then, why do I get
"450 4.7.1 Client host rejected: cannot find your reverse hostname" unless I
comment out the three "reject_*"?
This is why you should have followed the mailing list welcome
instructions, and posted "postconf -n" command output instead of
main.cf cut-and-paste fragments.
Sorry, I apologise, here's the output from my postconf -n:
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /export/mail
mailbox_size_limit = 1000000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
message_size_limit = 1000000000
myhostname = home.zioup.com
mynetworks = 127.0.0.0/8,192.168.0.0/21
myorigin = zioup.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
relay_domains = $mydestination, woup.net, unikservice.com, unikservice.net,
    unikservice.org
relayhost = shawmail.cg.shawcable.net
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/access,
    reject_rbl_client sbl-xbl.spamhaus.org
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_non_fqdn_hostname,
    reject_invalid_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/lib/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
strict_rfc821_envelopes = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/valias
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = zioup.com sollers.ca
virtual_mailbox_limit = 1000000000
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_transport = dovecot
virtual_uid_maps = static:5000
--
Yves. http://www.SollerS.ca/
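
A simplified model of restriction-list evaluation, added here as an illustration (it is not code from this thread or from Postfix): the first restriction that matches decides, and with smtpd_delay_reject = no, as in the postconf -n output above, Postfix evaluates smtpd_client_restrictions when the client connects, before it has had a chance to authenticate. The function names, session fields and client address are assumptions made for the example, and only a subset of the restrictions is modelled.

```python
# Simplified model of Postfix restriction-list evaluation (an assumption for
# illustration, not Postfix source). The first restriction that matches decides.
CLIENT_RESTRICTIONS = [   # subset, in the order of the main.cf fragment
    "permit_sasl_authenticated",
    "reject_unknown_reverse_client_hostname",
    "reject_rbl_client",  # the RBL lookup is reduced to a boolean here
]

def evaluate(restrictions, session):
    """Return (action, restriction) for the first restriction that matches."""
    for name in restrictions:
        if name == "permit_sasl_authenticated" and session["sasl_authenticated"]:
            return ("PERMIT", name)
        if name == "reject_unknown_reverse_client_hostname" and session["ptr"] is None:
            return ("REJECT", name)
        if name == "reject_rbl_client" and session["rbl_listed"]:
            return ("REJECT", name)
    return ("DUNNO", None)  # no match: the next restriction list decides

def client_verdict(delay_reject, authenticates, ptr=None, rbl_listed=False):
    """Evaluate the client list at the stage implied by smtpd_delay_reject."""
    # Constructed session: 203.0.113.25 is a documentation address.
    session = {"client": "203.0.113.25", "ptr": ptr,
               "rbl_listed": rbl_listed, "sasl_authenticated": False}
    if not delay_reject:
        # smtpd_delay_reject = no: evaluated at connect time, before AUTH
        return ("connect",) + evaluate(CLIENT_RESTRICTIONS, session)
    # smtpd_delay_reject = yes (the default): evaluated at RCPT TO, after AUTH
    session["sasl_authenticated"] = authenticates
    return ("rcpt",) + evaluate(CLIENT_RESTRICTIONS, session)

if __name__ == "__main__":
    for delay in (False, True):
        print("smtpd_delay_reject =", "yes" if delay else "no",
              "->", client_verdict(delay, authenticates=True))
```
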