On Thu, 2010-08-05 at 11:02 -0500, Noel Jones wrote: > > You should remove your smtpd_client_restrictions and > smtpd_helo_restrictions (and smtpd_sender_restrictions if > you're using it) and put everything under smtpd_recipient > restrictions arranged like so: > > smtpd_recipient_restrictions = > # allow local access > permit_mynetworks > # reject relay attempts > reject_unauth_destination > # client whitelist. Whitelist CLIENTS here. A client > # can be an IP or a domain name without leading dots. > check_client_access hash:/etc/postfix/client_whitelist > # local recipient blacklist > check_recipient_access > hash:/etc/postfix/denied-system-mailboxes > # all anti-spam restrictions go below here
Not to hijack this thread but can I ask a question regarding your comment above? You recommend keeping all client/helo restriction in the smtpd_sender_restrictions. Is there any use case where the smtpd_client_restrictions/smtpd_helo_restrictions would be preferred over smtpd_sender_restrictions? If not, why are they there? I understand that with smtpd_delay_reject, evaluation of the status for client/helo/sender restrictions will not happen until the RCPT TO command anyway. If you had checks in smtpd_client_restrictions wouldn't they still be evaulated prior to checks in smtpd_recipient_restrictions? What's the advantage of having all checks in smtpd_recipient_restrictions? Sorry, that's more than one question :/ -- Sincerely, Adam Lanier Voyant Strategies Inc.
