On Thu, Apr 07, 2011 at 02:40:09PM -0400, Victor Duchovni wrote: > On Thu, Apr 07, 2011 at 08:27:01PM +0200, G?bor L?n?rt wrote: > > > I don't want to check if rcpt domain is mine (I have no "own" domains on > > this MTA). I want to accept everything if sender is authenticated, since > > it's a mail submit MTA, users can submit mails through it. > > > > I don't need reject_unauth_destination, since every destination is valid :) > > [ok, for sure non-existing or non-fqdn domain is not, also I have an SQL > > based bann list for "bad ones" both for senders and rcpts as you can see > > later with the banned_* sql tables) > > For submission: > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject > > Then feel free to implement other checks in the sender restrictions if > that's easier to understand.
That's OK, but I have different level of HELO checks for SASL and "IP" authenticated users. For sasl authenticated there are no checks (MUAs are not famous to send meaningful HELO/EHLO names as I can say at least) but MTAs which are allowed to relay through this server have more stricter rules, that's why I am implemented it that way. And I wanted to do this as early as possible (so at sender), to match to the old system. But never mind, I am starting to feel that it's useless to think this much, and simplier and more managable config is a nicer solution anyway. Thanks for your answers again!
