On 1/23/2011 6:34 AM, IT geek 31 wrote:
On 23 January 2011 10:15, mouss<mo...@ml.netoyen.net>  wrote:
On 23/01/2011 03:45, IT geek 31 wrote:
A recent poster asked for configuration to be checked, and it has made
me question my own sender and recipient restrictions:

smtpd_sender_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
     reject_non_fqdn_sender,
     reject_unknown_sender_domain,
     reject_unknown_address,
     permit

smtpd_recipient_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     reject_unauth_destination,
     check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
     reject_unauth_pipelining,
     reject_non_fqdn_recipient,
     reject_unknown_recipient_domain,
     reject_rbl_client zen.spamhaus.org,
     check_policy_service inet:127.0.0.1:10023,
     permit

Having looked at my recipient restrictions, I see that I am checking
my sender_access again.  Is this right?


it works but is useless.

I think I remember why I put it in there.  My sender_access file
primarily defines a list of friendly addresses which I do not want to
be policy checked.  The idea is that if an address is found in this
list, it skips past any further checks.

you can remove smtpd_sender_restrictions and put all your checks under
smtpd_recipient_restrictions, something like this

My understanding of postconf(5) is that smtpd_sender_restrictions
applies to the MAIL FROM command.

No, the different smtpd_*_restrictions define *when* or in what order the checks run. This is further simplified by the sane default smtpd_delay_reject=yes, which delays evaluation of smtpd_{client, helo, sender, recipient}_restrictions until after RCPT TO.

The result for the end user is that any section can apply to any data, giving wonderful flexibility for when it's needed, or putting all checks in smtpd_recipient_restrictions, simplifying the setup.


For example I have an access file
which contains my two friends, Richard and Bill:

bill.clin...@whitehouse.gov   OK
richard.ni...@whitehouse.gov   REJECT

I also understand smtpd_recipient_restrictions applies to the RCPT TO
command.  So if I remove that check from smtpd_sender_restrictions and
add it to smtpd_recipient_restrictions, then mails from Richard will
get through.

No, see above.



     check_recipient_access hash:/usr/pkg/etc/postfix/recipient_access

And create a file listing valid users who can receive mail?

the list of valid recipients should already be there.

Where?  I don't think I have defined this anywhere.

Postfix should already have a list of valid users. Where the list is depends on what address class your domain is in.
http://www.postfix.org/ADDRESS_CLASS_README.html
For the common case of a local domain:
http://www.postfix.org/LOCAL_RECIPIENT_README.html


  -- Noel Jones
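
The evaluation order discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of how the restriction lists are walked at RCPT TO when smtpd_delay_reject=yes. The addresses, domains, layout names and the always-rejecting policy stand-in are constructed for illustration.

```python
# Simplified model of Postfix smtpd restriction evaluation with
# smtpd_delay_reject=yes: every list is evaluated at RCPT TO, in order.
# All addresses and domains below are constructed sample data.

SENDER_ACCESS = {"friend@example.org": "OK", "blocked@example.org": "REJECT"}
MY_DOMAINS = {"example.net"}

def check_sender_access(s):
    # Looks up the MAIL FROM address, whichever list it is placed in.
    return SENDER_ACCESS.get(s["sender"], "DUNNO")

def reject_unauth_destination(s):
    domain = s["recipient"].rsplit("@", 1)[1]
    return "DUNNO" if domain in MY_DOMAINS else "REJECT"

def policy_service(s):
    # Stand-in for check_policy_service (assumption): it rejects everyone,
    # so it is visible which senders reach it.
    return "REJECT"

def evaluate(lists, session):
    """OK ends only the current list, REJECT ends the whole evaluation,
    DUNNO moves on to the next restriction."""
    for restrictions in lists:
        for restriction in restrictions:
            result = restriction(session)
            if result == "REJECT":
                return "REJECT"
            if result == "OK":
                break
    return "ACCEPT"

# Each layout is [smtpd_sender_restrictions, smtpd_recipient_restrictions].
POSTED = [[check_sender_access],
          [reject_unauth_destination, check_sender_access, policy_service]]
CONSOLIDATED = [[], POSTED[1]]
SENDER_LIST_ONLY = [[check_sender_access],
                    [reject_unauth_destination, policy_service]]

def verdict(layout, sender, recipient="user@example.net"):
    return evaluate(layout, {"sender": sender, "recipient": recipient})

if __name__ == "__main__":
    for name, layout in [("posted", POSTED), ("consolidated", CONSOLIDATED),
                         ("sender list only", SENDER_LIST_ONLY)]:
        for sender in ("friend@example.org", "blocked@example.org"):
            print(f"{name:17} {sender:20} {verdict(layout, sender)}")
```

In this model the REJECT entry is enforced in every layout, while the OK entry bypasses the policy stand-in only when the lookup sits in the same list as the policy check. Because the lookup comes after reject_unauth_destination, an OK sender still cannot relay to a foreign domain.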
