Le 23/01/2011 03:45, IT geek 31 a écrit :
> A recent poster asked for configuration to be checked, and it has made
> me question my own sender and recipient restrictions:
>
> smtpd_sender_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> reject_unknown_address,
> permit
>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> reject_unauth_destination,
> check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
> reject_unauth_pipelining,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_rbl_client zen.spamhaus.org,
> check_policy_service inet:127.0.0.1:10023,
> permit
>
> Having looked at my recipient restrictions, I see that I am checking
> my sender_access again. Is this right?
>
it works but is useless.
you can remove smtpd_sender_restrictions and put all your checks under
smtpd_recipient_restrictions, something like this
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_non_fqdn_sender
reject_non_fqdn_recipient
#reject_unlisted_sender
#reject_unlisted_recipient
reject_unauth_pipelining
check_sender_access hash:/usr/pkg/etc/postfix/sender_access
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_rbl_client zen.spamhaus.org
check_policy_service inet:127.0.0.1:10023
> Should I replace this with:
>
> check_recipient_access hash:/usr/pkg/etc/postfix/recipient_access
>
> And create a file listing valid users who can receive mail?
the list of valid recipients should already be there. you can comment
out the lines
reject_unlisted_sender
reject_unlisted_recipient
in the example above top reject invalid senders/recipients soon enough.
you can of course add a check_recipient_access line to add checks on
recipients.
> I have
> read postconf(5) and I that is my understanding.
>
> Any thoughts?
