OK, that was unexpected. I clearly don't understand the distinction between client, sender and recipient restrictions. Why are they separate?
On Jul 14, 2011, at 4:39 PM, Noel Jones wrote: > On 7/14/2011 4:32 PM, Robert Schmid wrote: >> My apologies if this has been asked and answered. I set my postfix server up >> several years ago and haven't looked at it since. Now I am a bit confused >> about it. >> >> I host several domains and I have a decent level of restrictions aimed >> primarily at UCE. I have one domain that wants no blocked email, though. >> They would rather get the spam. How can I configure postfix to check the >> recipient domain first and allow all those mails through and THEN do all the >> normal checks in the regular order which I understand to be client, helo, >> sender, recipient, data, or end-of-data. So what I want is a check that goes >> >> recipient for one permissive domain >> client >> helo >> sender >> recipient AGAIN for the other domains >> data >> end-of data >> >> Is this just a matter of multiple lines for recipient restrictions in the >> appropriate order in the file so that; >> >> smtpd_client_restrictions = permit_mynetworks reject_rbl_client >> bl.spamcop.net reject_rbl_client sbl.spamhaus.org reject_rbl_client >> xbl.spamhaus.org permit >> >> smtpd_Sender_restrictions = reject_unknown_sender_domain, >> reject_non_fqdn_hostname, >> >> smtpd_recipient_restrictions = permit_sasl_authenticated, >> permit_mynetworks, reject_unauth_destination, check_policy_service >> inet:127.0.0.1:10023, permit >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> > > Put all your restrictions under smtpd_recipient_restrictions, > whitelisting the spamlover before other restrictions. > > smtpd_client_restrictions = > smtpd_sender_restrictions = > (both above set empty, which is the default. or just remove > them from main.cf) > > > smtpd_recipient_restrictions = > permit_sasl_authenticated > permit_mynetworks > reject_unauth_destination > check_recipient_access hash:/etc/postfix/recipient_whitelist > reject_unknown_sender_domain > reject_non_fqdn_hostname > reject_rbl-whatever foo > check_policy_service whatever: > > > > -- Noel Jones
