On 17.05.22 15:14, White, Daniel E. (GSFC-770.0)[AEGIS] wrote:
> This is part of what I plan to put on our new MTA (Postfix only) and MDA
> (Postfix/Dovecot) servers.
> Please tell me if I am doing anything foolish / dangerous.
> My concern is whether I should put "permit_mynetworks" higher in the sender and
> recipient restrictions.
>
> smtpd_client_restrictions =
>     permit_mynetworks,
>     reject

You'll block incoming mail with the last reject.

> smtpd_sender_restrictions =
>     reject_unlisted_sender, ( for MDA only )
>     reject_non_fqdn_sender,
>     reject_unknown_sender_domain,
>     permit_mynetworks,
>     reject

This is okay imho, invalid senders should be rejected before you allow mail
from even internal clients.
... you couldn't even notify those clients if they used invalid senders.

> smtpd_recipient_restrictions =
>     reject_unknown_recipient_domain,
>     reject_non_fqdn_recipient,
>     permit_mynetworks,
>     reject

The same, although you probably could notice internal clients if they used
invalid recipients (if they provide a correct sender, of course).

> smtpd_relay_restrictions =
>     permit_mynetworks,
>     reject_unauth_destination,
>     reject

You reject receiving mail with the last reject, again.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
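The effect of the trailing `reject` discussed in this thread can be seen with a simplified model of Postfix's first-match evaluation. This is an added example, not part of the original message and not Postfix code; the network, domains and addresses are constructed, and `reject_unauth_destination` is reduced to a lookup in a hypothetical `LOCAL_DOMAINS` set.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}  # stand-in for domains this server accepts mail for

# The two lists from the quoted message that end in a bare "reject".
POSTED = {
    "smtpd_client_restrictions": ["permit_mynetworks", "reject"],
    "smtpd_relay_restrictions": ["permit_mynetworks", "reject_unauth_destination", "reject"],
}
# The same lists with the trailing "reject" dropped, for comparison.
NO_FINAL_REJECT = {name: rules[:-1] for name, rules in POSTED.items()}

def check(rule, client_ip, rcpt):
    """Result of one restriction: 'permit', 'reject' or 'dunno' (no decision)."""
    if rule == "permit_mynetworks":
        ip = ipaddress.ip_address(client_ip)
        return "permit" if any(ip in net for net in MYNETWORKS) else "dunno"
    if rule == "reject_unauth_destination":
        domain = rcpt.rsplit("@", 1)[-1].lower()
        return "dunno" if domain in LOCAL_DOMAINS else "reject"
    if rule == "reject":
        return "reject"
    raise ValueError(f"restriction not modelled: {rule}")

def decide(config, client_ip, rcpt):
    """Walk every list; the first non-'dunno' result ends that list only.
    A reject in any list rejects the recipient; a permit just moves on."""
    for name, rules in config.items():
        for rule in rules:
            result = check(rule, client_ip, rcpt)
            if result == "reject":
                return ("reject", name, rule)
            if result == "permit":
                break
    return ("accept", None, None)

if __name__ == "__main__":
    cases = [("198.51.100.7", "user@example.org"),   # outside client, local recipient
             ("198.51.100.7", "user@example.net"),   # outside client, relay attempt
             ("192.0.2.10", "user@example.net")]     # internal client, outbound mail
    for ip, rcpt in cases:
        print(ip, rcpt, decide(POSTED, ip, rcpt), decide(NO_FINAL_REJECT, ip, rcpt))
```

Without the trailing `reject`, the outside client can deliver to the local domain while the relay attempt is still stopped by `reject_unauth_destination`.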