Am 03.12.2014 um 13:40 schrieb mancyb...@gmail.com:
On Wed, 03 Dec 2014 13:18:45 +0100
"li...@rhsoft.net" <li...@rhsoft.net> wrote:
put the exchange host in "mynetworks" and just add "permit_mynetworks"
*before* "reject_authenticated_sender_login_mismatch"
Hi, my whole 'smtpd_recipient_restrictions' is:
smtpd_recipient_restrictions =
permit_mynetworks,
check_policy_service inet:127.0.0.1:10031,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access
hash:/etc/postfix/check_recipient_access_skip_blacklists,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
check_client_access hash:/etc/postfix/rbl_override
reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
this is a server with many domains and users (and filters, also custom antispam
filters).
Wouldn't your suggested modification disable all the rest of the processing
logic ?
I mean .. would reject_rbl_client zen.spamhaus.org still be considered ?
If that's the case, wouldn't be easy to spoof the domain and abuse the server?
if the sending host is controlled by you it makes no sense to do RBL
checks for one of your own machines and so it should be safe add the
host to "mynetworks"
