On 3/15/2011 1:06 PM, Reindl Harald wrote:
Am 15.03.2011 18:50, schrieb Noel Jones:
Change the above to
smtpd_recipient_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unlisted_sender
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unlisted_recipient
reject_non_fqdn_helo_name
NB: This provides some protection against bad envelope sender addresses. This
does NOT protect against bad From:
or Reply-To: headers. This does NOT protect mail submitted via the sendmail(1)
command.
hi
does this work for receiving mails from outside correct?
The example rules apply to both authenticated/inside mail, and
outside mail from the general internet.
this time we are using a sql-hack in
"reject_authenticated_sender_login_mismatch"
to prevent that a user sends with a domain for which we would not accept mails
and in case there are some alias-domains we allow even non existent senders
if they domain matches
it would be glad if "reject_unlisted_sender" in "smtpd_sender_restrictions" and
"smtpd_recipient_restrictions" could replace this!
My example rules above are basic "does the sender's domain
exist?" and "if this is my domain does the sender exist?" tests.
The reject_authenticated_sender_login_mismatch gives much
finer control, allowing you to define which senders a
particular authenticated user may use.
Only you can decide if the simple tests meet your needs.
-- Noel Jones
