Just doing a bit of a sanity check/tidy-up on my Postfix box, I've not had to go near it for ages as it all just works, but I'm checking a few other things and I'm slowly reminding myself of various Postfix related things.
These are my current restrictions, I think the map names are indicative of what they do. I'd appreciate any tips on streamlining/optimizing these - for example I know the DKIM one is where it is because it has to kick in before "permit_mynetworks" so it triggers even if it's spam and the mail is then rejected by a further check such as SPF. The box is an internet facing relay. smtpd_recipient_restrictions = check_recipient_maps, check_client_access hash:/etc/postfix/client_blacklist, check_sender_access hash:/etc/postfix/sender_blacklist, # Call dkim proxy to sign mail from @ourdomain check_sender_access hash:/etc/postfix/dkim_sign permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/client_whitelist, check_sender_access hash:/etc/postfix/sender_whitelist, check_sender_access hash:/etc/postfix/trusted_domains, check_helo_access regexp:/etc/postfix/helo_checks.regexp, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rhsbl_client multi.uribl.com, reject_rhsbl_sender multi.uribl.com, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_client multi.surbl.org, check_policy_service unix:private/spf, check_client_access regexp:/etc/postfix/greylist_dyn_fqdn.regexp, check_client_access regexp:/etc/postfix/greylist_hosts.regexp, permit Thanks, Paul -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
