> > smtpd_client_restrictions =
> you'll block incoming mail with last reject.

This is right off of http://www.postfix.org/SMTPD_ACCESS_README.html#lists

/etc/postfix/main.cf:
    # Allow connections from trusted networks only.
    smtpd_client_restrictions = permit_mynetworks, reject

I only permit incoming mail from known, upstream relays which will be in "mynetworks"
Do you still think I will block incoming ?

> > smtpd_sender_restrictions =
> ... you couldn't even notify those clients if they used invalid senders.

How would you suggest I notify them ?

> > smtpd_relay_restrictions =
> you reject receiving mail again with last reject, again.

Again, I only permit incoming mail from known, upstream relays which will be in "mynetworks"
Do you still think I will block incoming ?

______________________________________________________________________________________________

Daniel E. White
daniel.e.wh...@nasa.gov
NASCOM Linux Engineer
NASA Goddard Space Flight Center
Office: (301) 286-6919
Mobile: (240) 513-5290

On 5/17/22, 11:25, "owner-postfix-us...@postfix.org on behalf of Matus UHLAR - fantomas" <owner-postfix-us...@postfix.org on behalf of uh...@fantomas.sk> wrote:

On 17.05.22 15:14, White, Daniel E. (GSFC-770.0)[AEGIS] wrote:
>This is part of what I plan to put on our new MTA (Postfix only) and MDA (Postfix/Dovecot) servers.
>Please tell me if I am doing anything foolish / dangerous.
>My concern is whether I should put "permit_mynetworks" higher in the sender and recipient restrictions.
>
>smtpd_client_restrictions =
>    permit_mynetworks,
>    reject

you'll block incoming mail with last reject.

>smtpd_sender_restrictions =
>    reject_unlisted_sender, ( for MDA only )
>    reject_non_fqdn_sender,
>    reject_unknown_sender_domain,
>    permit_mynetworks,
>    reject

this is okay imho, invalid senders should be rejected before you allow mail
from even internal clients.

... you couldn't even notify those clients if they used invalid senders.

>smtpd_recipient_restrictions =
>    reject_unknown_recipient_domain,
>    reject_non_fqdn_recipient,
>    permit_mynetworks,
>    reject

the same, although you probably could notice internal clients if they used
invalid recipients (if they provide correct sender of course)

>smtpd_relay_restrictions =
>    permit_mynetworks,
>    reject_unauth_destination,
>    reject

you reject receiving mail again with last reject, again.
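
A simplified Python model of how the four restriction lists posted in this thread are evaluated, added here as an illustration; it is not code from either poster or from Postfix. It assumes the default `smtpd_delay_reject = yes`, and the network, domain names and DNS stand-in are constructed values; the MDA-only `reject_unlisted_sender` entry is left out.

```python
import ipaddress

# Constructed values for illustration; none of these come from the thread.
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # the upstream relays
RESOLVABLE = {"example.org", "example.net"}          # stand-in for DNS lookups
LOCAL = {"example.org"}                              # stand-in for mydestination

def dom(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def fqdn_ok(addr):  # the null sender "" is exempt from the sender checks
    return addr == "" or "." in dom(addr)

def known(addr):
    return addr == "" or dom(addr) in RESOLVABLE

def in_mynetworks(s):
    return any(ipaddress.ip_address(s["client"]) in net for net in MYNETWORKS)

# Each check returns "permit", "reject" or None (no decision: try the next entry).
CHECKS = {
    "permit_mynetworks": lambda s: "permit" if in_mynetworks(s) else None,
    "reject": lambda s: "reject",
    "reject_non_fqdn_sender": lambda s: None if fqdn_ok(s["sender"]) else "reject",
    "reject_unknown_sender_domain": lambda s: None if known(s["sender"]) else "reject",
    "reject_non_fqdn_recipient": lambda s: None if fqdn_ok(s["rcpt"]) else "reject",
    "reject_unknown_recipient_domain": lambda s: None if known(s["rcpt"]) else "reject",
    "reject_unauth_destination": lambda s: None if dom(s["rcpt"]) in LOCAL else "reject",
}

# Lists as posted (MTA variant), in the order Postfix 2.10+ applies them at RCPT TO.
LISTS = [
    ("smtpd_client_restrictions", ["permit_mynetworks", "reject"]),
    ("smtpd_sender_restrictions", ["reject_non_fqdn_sender",
        "reject_unknown_sender_domain", "permit_mynetworks", "reject"]),
    ("smtpd_relay_restrictions", ["permit_mynetworks", "reject_unauth_destination", "reject"]),
    ("smtpd_recipient_restrictions", ["reject_unknown_recipient_domain",
        "reject_non_fqdn_recipient", "permit_mynetworks", "reject"]),
]

def evaluate(session):
    """Return ("permit", None) or ("reject", "<list>: <restriction>")."""
    for name, restrictions in LISTS:
        for r in restrictions:
            verdict = CHECKS[r](session)
            if verdict == "reject":
                return "reject", f"{name}: {r}"
            if verdict == "permit":
                break  # a permit ends this list only; the next list still runs
    return "permit", None
```
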