Jeroen said:
My personal server uses:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unknown_reverse_client_hostname,
warn_if_reject
reject_non_fqdn_helo_hostname,
warn_if_reject
reject_invalid_helo_hostname,
warn_if_reject
reject_unknown_helo_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_helo_access
hash:/etc/postfix/helo_access,
permit
Out of curiosity, does anyone see any drawbacks (such as possibly rejecting
valid mail) to adding "reject_invalid_hostname" to those
smtpd_recipient_restrictions? Also, some other reading I've been doing
suggest adding "smtpd_helo_required = yes" to the main.cf file. Is that
helpful/necessary, or would I already be covered there with the
"reject_invalid_helo_hostname" in the above recipient restrictions?
I've also read another suggestion to add "smtpd_sender_restrictions =
reject_unknown_address" to reject mail that doesn't have any return address.
I've moved all my checks to the recipient restrictions, so if I added this,
it would be my only sender restriction. Am I wrong in thinking this check is
superfluous because of the "reject_non_fqdn_sender" already in the above
recipient restrictions?
It's slowly starting to make more sense. Thanks again to those who have
given me helpful nudges.
Thanks,
Steve
