On Tue, Mar 19, 2013 at 03:25:01PM -0700, Matthew Hall wrote:
> smtpd_relay_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> reject_unauth_destination
Perfect.
> smtpd_recipient_restrictions =
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
Fine, but you often don't want reject_unknown_recipient_domain in
any restrictions. It is not needed for inbound MX hosts, and
interacts poorly with MUA clients on outbound MSAs. It is only
useful on outbound relays that receive mail from from other MTAs.
> reject_unauth_destination,
Already covered in the relay rules, no need to repeat it here.
> check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
> check_helo_access hash:/etc/postfix/helo_checks,
> check_sender_access hash:/etc/postfix/sender_checks,
> check_client_access hash:/etc/postfix/client_checks,
> check_client_access pcre:/etc/postfix/client_checks.pcre,
> reject_rbl_client zen.spamhaus.org,
> permit
Fine.
--
Viktor.
