I'm confused about the following in the main.cf
smtpd_receipient_restrictions
smtpd_sender_restrictions
smtpd_client_restrictions
smtpd_data_restrictions ---- this I pretty much get
smtpd_helo_restrictions ---- this I pretty much get
Now with postfix all of these are blank except
smtpd_receipient_restrictions. The default is something simple. Based
on mynetworks to let your network through and then reject unauthorized
destination to block anything else. Now it has turned into a real
nightmare. I treid to apply some ip numbers to the access list and it
did not work. I used my test server to backtrack the problem under
smtpd_client_restrictions with reject unknown client. So below is all
my restrictions. If you can clean them up or recommend anything to
add. It should help me have less problems. For example some people
have reject at the end of most everything while other have permit or
leave blank.
Thanks,
Josh
(I use pop-before-smtp) I get confused because the quick guide to pop
to smtp says to put reject_non_fqdn_recipeint. So then I ask why there
and not below. Seems like everybody has there own way of doing
something and as I found out today. It can cause problems.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access,
check_client_access hash:/etc/postfix/pop-before-smtp,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_unlisted_recipient,
reject_unknown_sender_domain,
reject_unverified_sender,
reject_multi_recipient_bounce,
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
check_helo_access regexp:/etc/postfix/helo.regexp,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
# Requirements for the sender details
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
check_sender_access hash:/etc/postfix/sender_access,
permit
(do I really need pop-before-smtp there? Somebody else had it in a example?)
# Requirements for the connecting server
smtpd_client_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/access,
check_client_access hash:/etc/postfix/pop-before-smtp,
reject_unknown_client,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
reject_unauth_destination
smtpd_helo_restrictions =
permit_mynetworks,
regexp:/etc/postfix/helo.regexp,
permit
--
This message has been scanned for viruses and
dangerous content by Mychoice, and is
believed to be clean.
