_restrictions

Tue, 16 Jun 2020 15:38:23 -0700 

Hi,
I'm cleaning up my postfix configs and am wondering if I can improve / should change my _restrictions on postfix 3.3 / 3.5: 

local postfix instance:

smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_pipelining

relaying instance inbound:

smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    warn_if_reject check_client_access hash:/etc/postfix-in/client_access
    warn_if_reject reject_unknown_client_hostname
    warn_if_reject reject_unknown_reverse_client_hostname
    warn_if_reject reject_rbl_client ix.dnsbl.manitu.net
    warn_if_reject reject_rbl_client zen.spamhaus.org
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    warn_if_reject check_helo_access hash:/etc/postfix-in/helo_access
    warn_if_reject reject_non_fqdn_helo_hostname
    warn_if_reject reject_invalid_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    warn_if_reject check_sender_access hash:/etc/postfix-in/sender_access
    warn_if_reject reject_non_fqdn_sender
    warn_if_reject reject_unknown_sender_domain
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unlisted_recipient
    reject_unauth_destination
smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_pipelining
smtpd_relay_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

relaying instance outbound:

smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access cidr:/etc/postfix-out/client_access
    warn_if_reject reject_unknown_client_hostname
    warn_if_reject reject_unknown_reverse_client_hostname
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access hash:/etc/postfix-out/helo_access
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access cidr:/etc/postfix-out/client_access
    reject_unauth_destination
smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_pipelining
smtpd_relay_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access cidr:/etc/postfix-out/client_access
    reject_unauth_destination

Anything missing / redundant / unneccessary?

Thank you!















    











					Reply via email to