on 02/02/2011 03:56 PM /dev/rob0 wrote the following:
> On Wed, Feb 02, 2011 at 12:49:49PM +0100, Ralf Hildebrandt wrote:
>> * Ralf Hildebrandt <ralf.hildebra...@charite.de>:
>>
>> The resulting set of restrictions after cleaning up:
>
> And I'll throw in some nitpicks ...
>
>>>> smtpd_helo_required = yes
>>
>>>> smtpd_helo_restrictions =
>
> This being the default, the whole thing can be left out of main.cf
> altogether.
>
>>>> smtpd_client_restrictions =
>>>> hash:/etc/postfix/client_restrictions,
>
> This would be more properly stated as:
> smtpd_client_restrictions = check_client_access
> hash:/etc/postfix/client_restrictions
> The OP was using the (undocumented?) default behavior of the implied
> check_mumble_access lookup in smtpd_mumble_restrictions. Probably
> best to be explicit and say that this is a client lookup.
>
Thanks.
So the final version should be:
######################################
smtpd_helo_required = yes
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/client_restrictions
disable_vrfy_command = yes
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unknown_client,
reject_unknown_hostname,
permit_mynetworks,
reject_unauth_destination,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks,
check_sender_access hash:/etc/postfix/sender_checks,
check_client_access hash:/etc/postfix/client_checks,
check_client_access pcre:/etc/postfix/client_checks.pcre,
reject_rbl_client zen.spamhaus.org,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
######################################
