On Sat, Mar 03, 2012 at 12:14:41PM +0200, Nikolaos Milas wrote:
> On 22/2/2012 1:31 AM, mouss wrote:
> >it is safer to use smtpd_sender/helo/client_restrictions instead 
> >of smtpd_recipient_restrictions:
> >
> >smtpd_sender_restrictions =
> >     check_recipient_access hash:/etc/postfix/protected_users,
> >         ...
> >
> >this way, errors in your checks or maps won't break the 
> >functionality of reject_unauth_destination, which is there to 
> >protect you (and us) from being an open relay.
> 
> Thank you very much for the advice.
> 
> Some clarifications, please:
> 
> You mean that an error entry in the maps might be such that it 
> would allow - under certain circumstances - an undesired "ACCEPT" 
> which would bypass reject_unauth_destination (due to the resulting 
> stop in the evaluation of the rest of the statements in the 
> smtpd_recipient_restrictions directive)?

Right, just as documented here:
http://www.postfix.org/SMTPD_ACCESS_README.html#danger

> Or is it possible that an error in the maps might cause the whole 
> smtpd_recipient_restrictions directive to become inoperable?

If that happened, all mail would be rejected as "451 4.3.5 Server 
configuration error".

> Also a documentation one: If the very same restriction can be 
> equally well placed either within smtpd_recipient_restrictions or 
> smtpd_sender_restrictions, yet it is better to be placed within the 
> latter, wouldn't it be useful to mention this in the associated 
> examples in the relevant documentation page 
> (http://www.postfix.org/RESTRICTION_CLASS_README.html)

The idea is that ANY restriction which could result in a permit 
should stay out of smtpd_recipient_restrictions or should follow 
reject_unauth_destination, and that idea is conveyed in the link 
above. The RESTRICTION_CLASS_README is an advanced topic, and it 
presumes familiarity with the more basic documentation in the 
SMTPD_ACCESS_README.

> which we usually use as a reference? Are there any other
> important differences between the two approaches?

Another trick I use (count me among the people who generally 
"recommend placing ALL the access restrictions in the 
smtpd_recipient_restrictions list") is to always use a 
"permit_auth_destination" result (not "OK" nor "permit") in 
check_mumble_access maps.

Sometimes it is easier to offload a few restrictions to another 
stage. There is no clear-cut, always right (nor always wrong) way. 

Just be aware of who you are allowing to relay and why. Best 
practice: use a separate submission service and ONLY allow relay 
through that, not on port 25 at all.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
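
The ordering rule discussed in this message, as an added example that is not part of the original email or of Postfix itself: a small Python check that reports restrictions in smtpd_recipient_restrictions which can return a permit before reject_unauth_destination is reached. The sample main.cf is constructed, the map names sender_ok and helo_checks are hypothetical, and treating permit_mynetworks and permit_sasl_authenticated as intended relay grants is an assumption of the example.

```python
import re

# Not reported: the usual deliberate relay grants (assumption of this example)
# and permit_auth_destination, which only permits authorized destinations.
NOT_REPORTED = {"permit_mynetworks", "permit_sasl_authenticated",
                "permit_auth_destination"}
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

# Constructed sample; sender_ok and helo_checks are hypothetical map names.
SAMPLE_MAIN_CF = """\
smtpd_sender_restrictions =
    check_recipient_access hash:/etc/postfix/protected_users
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/sender_ok,
    reject_unauth_destination,
    check_helo_access hash:/etc/postfix/helo_checks
"""

def read_param(main_cf, name):
    """Return the tokens of one main.cf parameter, joining continuation lines."""
    value, collecting = [], False
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():              # continuation of the previous parameter
            if collecting:
                value.append(line)
            continue
        key, _, rest = line.partition("=")
        collecting = key.strip() == name
        if collecting:
            value = [rest]                 # a later definition replaces an earlier one
    return [t for t in re.split(r"[,\s]+", " ".join(value)) if t]

def risky_before_guard(tokens):
    """List restrictions that can permit and run before the relay guard."""
    findings, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in RELAY_GUARDS:
            return findings                # everything after the guard is safe
        if re.fullmatch(r"check_\w+_access", tok):   # a map lookup may return OK
            table = tokens[i + 1] if i + 1 < len(tokens) else "<missing table>"
            findings.append(f"{tok} {table}")
            i += 1                         # skip the table argument
        elif tok == "permit" or (tok.startswith("permit_") and tok not in NOT_REPORTED):
            findings.append(tok)
        i += 1
    return findings + ["no reject_unauth_destination in list"]
```

Calling `risky_before_guard(read_param(SAMPLE_MAIN_CF, "smtpd_recipient_restrictions"))` reports the check_sender_access lookup; the check_helo_access lookup after the guard and the check_recipient_access lookup in smtpd_sender_restrictions are not reported.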
