On 16.06.19 16:12, @lbutlr wrote:
Since I have moved all local users to virtual users and switched dovecot to
lmtp from lda, I was able to add reject_unverified_recipient to my
restrictions, and it occurred to me maybe some of the other restrictions
could be eliminated.
Do reject_non_fqdn_recipient, reject_unauth_destination, do anything that
isn’t done with the check for unverified recipient?
smtpd_recipient_restrictions = reject_unauth_destination
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_unknown_sender_domain
reject_unlisted_recipient
reject_unlisted_sender
reject_invalid_hostname
this was replaced by reject_invalid_helo_hostname
reject_unverified_recipient
reject_unknown_reverse_client_hostname
reject_unknown_client_hostname
reject_unknown_client_hostname is superflous to
reject_unknown_reverse_client_hostname, you don't need both of them.
people here often advise using reject_unknown_reverse_client_hostname over
reject_unknown_client_hostname because it's less strict (doesn't require
rdns to be forward confirmed).
permit
I would reorder this list to do simple rejections first:
reject_unknown_client_hostname, reject_invalid_helo_hostname,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unlisted_sender, reject_unlisted_recipient,
reject_unauth_destination
reject_unverified_recipient
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
