Thank you. I fixed this. I didn't suppose that you put earlier order, which
must be used.
2018-06-13 16:41 GMT+02:00 Wietse Venema <wie...@porcupine.org>:
> Poliman - Serwis:
> > Thank you, I will check it. Yesterday night I did:
> > smtpd_recipient_restrictions = permit_mynetworks,
> > permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok},
> > reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
> > check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
> > check_recipient_access mysql:/etc/postfix/mysql-
> virtual_policy_greylist.cf
>
> As in my original reply:
>
> You MUST have the check_client_access inline:{91.218.208.22=ok} AFTER
> the reject_unauth_destination, otherwise they can relay mail through
> your server to arbitrary destinations.
>
> Wietse
>
> > and it worked like I want. Of course thank to your advices.
> >
> > 2018-06-13 12:01 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>:
> >
> > > On 12.06.18 09:10, Poliman - Serwis wrote:
> > >
> > >> Thank you for answer. I have in main.cf:
> > >> smtpd_recipient_restrictions = permit_mynetworks,
> > >> permit_sasl_authenticated, reject_unauth_destination,
> reject_rbl_client
> > >> zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/
> > >> mysql-virtual_recipient.cf, check_recipient_access
> mysql:/etc/postfix/
> > >> mysql-virtual_policy_greylist.cf
> > >>
> > >> so, if I understood well, I have to modify above like below:
> > >> smtpd_recipient_restrictions = permit_mynetworks,
> > >> permit_sasl_authenticated, check_client_access
> inline:{91.218.208.22=ok},
> > >> reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
> > >> check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
> > >> check_recipient_access mysql:/etc/postfix/mysql-virtu
> > >> al_policy_greylist.cf
> > >>
> > >> am I right?
> > >>
> > >
> > > yes, this should do what you want.
> > > I'll just repeat:
> > >
> > > - I'd use hash instead of inline
> > >
> > > - I'd move reject_rbl_client zen.spamhaus.org at the end, and newly
> > > added check_client_access just in front of it,
> > > so rules in /etc/postfix/mysql-virtual_recipient.cf and
> > > /etc/postfix/mysql-virtual_policy_greylist.cf will be evaulated before
> > > zen.spamhaus.org is used, and they will be
> > > evaluated even for client 91.218.208.22, which may be desired.
> > >
> > > - you may want to evaluate those mysql rules even for sasl
> authenticated
> > > clients abd clients from $mynetworks
> > > --
> > > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> > > Warning: I wish NOT to receive e-mail advertising to this address.
> > > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> > > Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
> > >
> >
> >
> >
> > --
> >
> > *Pozdrawiam / Best Regards*
> > *Piotr Bracha*
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
