On 2010-12-08 9:21 AM, Paul Cartwright wrote:
> I didn't realize they were order specific..
> it now reads:
> smtpd_recipient_restrictions = permit_mynetworks
> permit_sasl_authenticated, reject_unauth_destination check_client_access
> pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
> reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
> reject_rhsbl_helo dbl.spamhaus.org,
> reject_unknown_sender_domain,reject_unknown_recipient_domain,
> reject_non_fqdn_sender, reject_non_fqdn_recipient, check_client_access
> cidr:/etc/postfix/china.cidr
> 
> and reload postfix..
> is that better?

Here's the order I would suggest:

smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 check_client_access cidr:/etc/postfix/china.cidr,
 check_client_access pcre:/etc/postfix/fqrdns.pcre,
 reject_rbl_client dnsbl.sorbs.net,
 reject_rbl_client zen.spamhaus.org,
 reject_rhsbl_sender dbl.spamhaus.org,
 reject_rhsbl_helo dbl.spamhaus.org

The idea is 'least expensive checks first'...

-- 

Best regards,

Charles
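
Added example (not part of the original thread and not Postfix's own code): a small Python linter that parses the two smtpd_recipient_restrictions values quoted above, reports rules that run after the first DNSBL lookup, and reports access maps placed ahead of reject_unauth_destination. The two-tier cost model (DNSBL queries expensive, everything else cheap) and the function names are assumptions of this example.

```python
import re

# Assumed cost model for this example: DNSBL queries are "expensive", the rest "cheap".
DNSBL = {"reject_rbl_client", "reject_rhsbl_sender", "reject_rhsbl_helo"}
TAKES_ARG = DNSBL | {"check_client_access"}  # rules that take the next token as argument

# The two values from the messages above (whitespace reflowed).
PAUL = """permit_mynetworks permit_sasl_authenticated, reject_unauth_destination
check_client_access pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient,
check_client_access cidr:/etc/postfix/china.cidr"""
CHARLES = """permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, check_client_access cidr:/etc/postfix/china.cidr
check_client_access pcre:/etc/postfix/fqrdns.pcre, reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org,"""

def parse(value):
    """Split on commas and/or whitespace; join each rule with its argument."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    rules, i = [], 0
    while i < len(tokens):
        step = 2 if tokens[i] in TAKES_ARG else 1
        if i + step > len(tokens):
            raise ValueError(f"{tokens[i]} is missing its argument")
        rules.append(" ".join(tokens[i:i + step]))
        i += step
    return rules

def lint(value):
    """Flag access maps ahead of the relay guard and cheap checks after a DNSBL."""
    rules = parse(value)
    names = [r.split()[0] for r in rules]
    if "reject_unauth_destination" not in names:
        return ["reject_unauth_destination is missing"]
    guard = names.index("reject_unauth_destination")
    findings = [f"{r}: access map before reject_unauth_destination"
                for r, n in zip(rules[:guard], names) if n.startswith("check_")]
    first = next((i for i, n in enumerate(names) if n in DNSBL), len(names))
    findings += [f"{r}: cheap check after a DNSBL lookup"
                 for r, n in zip(rules[first:], names[first:]) if n not in DNSBL]
    return findings

def reorder(value):
    """Stable sort: cheap rules keep their relative order, DNSBL rules move last."""
    return ",\n ".join(sorted(parse(value), key=lambda r: r.split()[0] in DNSBL))
```

lint(PAUL) lists the five rules that sit behind the DNSBL lookups, lint(CHARLES) returns nothing, and reorder(PAUL) yields a value that passes the same check.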
