On Wed, May 07, 2014 at 07:58:26PM +0200, Sebastian Nielsen wrote:
> Works EXCELLENTLY. Did fine-tune it a little bit, but then it works
> excellently now.
The fine-tuning makes it likely that your system will be an open
relay some day. I chose smtpd_sender_restrictions for this
deliberately. Do NOT use sender-based whitelisting in relay
restrictions.
> smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/access,
> reject_unauth_destination
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> check_sender_access hash:/etc/postfix/access, reject_unauth_destination
> smtpd_sender_restrictions = reject_unknown_sender_domain,
> check_sender_access hash:/etc/postfix/access
> mynetworks = 127.0.0.0/8 192.168.0.0/16
>
> /etc/postfix/access:
> sebbe.eu permit_mynetworks, reject
DO NOT use a single generic access(5) file for semantically different
access checks. Sender lookups are not recipient lookups are not
client lookups, ...
I used an access table dedicated to sender policy. The fine-tuning
removed all the carefully considered safety measures.
--
Viktor.
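
An added example, not part of the original message or of Postfix itself: a small Python check that flags the two things the reply warns about, `check_sender_access` inside `smtpd_relay_restrictions` and one access table referenced from several restriction lists. Treating "referenced from more than one list or lookup type" as the test for a shared table is this example's assumption, and the `DEDICATED` sample with its `sender_access` table name is constructed.

```python
import re

# Postfix check_*_access restrictions and the kind of key each one looks up.
LOOKUP_KIND = {"check_sender_access": "sender", "check_recipient_access": "recipient",
               "check_client_access": "client", "check_helo_access": "helo"}

def parse_main_cf(text):
    """Return {parameter: [tokens]}; a line starting with whitespace continues the previous one."""
    raw, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            raw[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            raw[name] = value
    return {k: [t for t in re.split(r"[,\s]+", v) if t] for k, v in raw.items()}

def lint(text):
    """Return sorted findings as (rule, table, detail) tuples."""
    findings, uses = [], {}
    for param, tokens in parse_main_cf(text).items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", param):
            continue
        for tok, table in zip(tokens, tokens[1:]):
            if tok in LOOKUP_KIND:
                uses.setdefault(table, set()).add((param, LOOKUP_KIND[tok]))
                if tok == "check_sender_access" and param == "smtpd_relay_restrictions":
                    findings.append(("sender-table-in-relay-restrictions", table, param))
    for table, where in uses.items():
        if len(where) > 1:  # same table reused by several lists or lookup kinds
            findings.append(("table-shared-across-checks", table,
                             ", ".join(sorted({p for p, _ in where}))))
    return sorted(findings)

# Restriction settings from the quoted message, continuation lines indented for main.cf.
QUOTED = """\
smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/access,
    reject_unauth_destination
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    check_sender_access hash:/etc/postfix/access, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/access
"""
# Constructed contrast: a dedicated sender table, referenced only from the sender list.
DEDICATED = ("smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination\n"
             "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access\n")
```

`lint(QUOTED)` reports both findings for `hash:/etc/postfix/access`; `lint(DEDICATED)` reports none.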