On Wed, Feb 02, 2011 at 12:49:49PM +0100, Ralf Hildebrandt wrote:
> * Ralf Hildebrandt <ralf.hildebra...@charite.de>:
>
> The resulting set of restrictions after cleaning up:
And I'll throw in some nitpicks ...
> > > smtpd_helo_required = yes
>
> > > smtpd_helo_restrictions =
This being the default, the whole thing can be left out of main.cf
altogether.
> > > smtpd_client_restrictions =
> > > hash:/etc/postfix/client_restrictions,
This would be more properly stated as:
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/client_restrictions
The OP was using the (undocumented?) default behavior of the implied
check_mumble_access lookup in smtpd_mumble_restrictions. Probably
best to be explicit and say that this is a client lookup.
> > > disable_vrfy_command = yes
>
> > > smtpd_recipient_restrictions =
> > > reject_invalid_hostname,
> > > reject_non_fqdn_hostname,
> > > reject_non_fqdn_sender,
> > > reject_non_fqdn_recipient,
> > > reject_unknown_sender_domain,
> > > reject_unknown_recipient_domain,
> > > reject_unknown_client,
> > > reject_unknown_hostname,
> > > permit_mynetworks,
> > > reject_unauth_destination,
> > > check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
> > > check_helo_access hash:/etc/postfix/helo_checks,
> > > check_sender_access hash:/etc/postfix/sender_checks,
> > > check_client_access hash:/etc/postfix/client_checks,
> > > check_client_access pcre:/etc/postfix/client_checks.pcre,
> > > reject_rbl_client zen.spamhaus.org,
> > > permit
> > >
> > > smtpd_data_restrictions =
> > > reject_unauth_pipelining,
> > > permit
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
