On 2014-01-20 21:58, Aggelos wrote:
Thanks. Do the following look OK?
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unverified_recipient,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
move this one before permit_*
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
check_client_access hash:/etc/postfix/internal_networks,
why this one ?, this check should really be listed in mynetworks, and
permit_mynetworks alrady accept it ?
check_sender_access hash:/etc/postfix/not_our_domain_as_sender,
you accept forged senders ?
check_client_access hash:/etc/postfix/sender_access,
check_sender_access hash:/etc/postfix/sender_access,
why this 2 lines ?
check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
check_helo_access hash:/etc/postfix/helo_checks,
reject_non_fqdn_hostname,
reject_invalid_hostname,
check_sender_mx_access hash:/etc/postfix/bogus_mx,
check_sender_access hash:/etc/postfix/rhsbl_sender_exceptions,
reject_rhsbl_sender dsn.rfc-ignorant.org,
this is a dead domain, google rfc-ignorant
reject_rbl_client zen.spamhaus.org,
permit
permit what ? :=)
