Re: temporarily deferred

Mon, 20 Jan 2014 12:23:20 -0800 

on 20/01/2014 09:50 μμ li...@rhsoft.net wrote the following:
> 
> your "smtpd_recipient_restrictions" are *dangerous* and wrong
> 
> "reject_unverified_recipient" is the reason for your problem because
> you must not apply it to submision services used by MUA's as said
> 
> "reject_unverified_recipient" in general may lead to get blacklisted
> because in the worst case it doubles your outgoing connections
> to a destination and hit rate-limits there, in case of many non
> existing addresses it may look on the destination that you try
> over and over again ivalid RCPT's and look like a spammer
> 
> "check_*_access" before "reject_unauth_destination" maybe dangerous
> in case of mistakes where it says "permit" and leading to rules
> after it which would deny/reject are not applied
> 
Thanks!
I changed it to the following (does it look OK now)?

smtpd_helo_required = yes

smtpd_restriction_classes =
        has_our_domain_as_sender

has_our_domain_as_sender =
        check_sender_access hash:/etc/postfix/our_domain_as_sender,
        reject

smtpd_recipient_restrictions =
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        check_client_access hash:/etc/postfix/internal_networks,
        check_sender_access hash:/etc/postfix/not_our_domain_as_sender,
        check_client_access hash:/etc/postfix/sender_access,
        check_sender_access hash:/etc/postfix/sender_access,
        check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
        check_helo_access hash:/etc/postfix/helo_checks,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        check_sender_mx_access hash:/etc/postfix/bogus_mx,
        check_sender_access hash:/etc/postfix/rhsbl_sender_exceptions,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        reject_rbl_client zen.spamhaus.org,
        permit

smtpd_data_restrictions =
        reject_multi_recipient_bounce,
        reject_unauth_pipelining,
        permit

inet_protocols = ipv4
mail_spool_directory = /var/spool/mail
smtpd_relay_restrictions =
permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination

Reply via email to