On 3/27/2013 5:11 PM, Matthew Hall wrote: > Hello, > > I ran into a bit of an issue trying out fqrdns.pcre as recommended > here in this thread. The header in the file recommended adding it into > smtpd_client_restrictions. However if I place it there, I end up > rejecting mail even from SASL authenticated client devices, if they > also match a rule in fqrdns.pcre.
The blurb in the file you refer to says: # smtpd_client_restrictions # ... # check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre # ... The "..." means something belongs there, and it's up to you to figure it out. A typical implementation that would exempt local networks and authenticated clients would look something like: # main.cf smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated check_reverse_client_hostname_access pcre:/etc/postfixfqrdns.pcre While the example I show is very common, there are other valid settings. One could argue the example included in the file should be clearer (and it's missing the required '='). > > Is it acceptable to put it into smtpd_relay_restrictions instead? I am > worried if I do this, it would not be able to prevent these bad hosts > from sending mail directly to my domain (non-relay), which kind of > defeats the purpose of using it for botnet protection. smtpd_relay_restrictions should be reserved for relay decisions only. Anti-spam controls should be in one of the other smtpd_*_restrictions sections. -- Noel Jones
