Dnia 24.12.2022 o godz. 07:51:42 Samer Afach pisze: > > 1. I see you're telling me to remove smtpd_client_restrictions (for > both 465 and 587?) and only keep smtpd_recipient_restrictions. Can > you please elaborate on the difference? I thought clients connecting > to the server are what we need to restrict. I kind of failed to > understand why smtpd_recipient_restrictions even exists. With that
The various smtpd_*_restrictions lists are applied at various stages of the SMTP transaction. smtpd_client_restrictions are applied right at the beginning of the connection, smtpd_helo_restrictions are applied after HELO/EHLO, and so on. But in each connection phase Postfix "knows" all the parameters from previous phases too, and you can use all the restriction clauses referring to them. So in fact you can ove all restrictions to smtpd_recipient_restrictions and set all previous restrictions to empty. It's just a matter of convenience in which phase you specify particular restrictions. It's all well described here: https://www.postfix.org/SMTPD_ACCESS_README.html > 2. It's been too long and I'm too afraid to ask (Chris Pratt meme > goes here): Is smtp strictly for outgoing connections, no matter > what port, and smtpd for incoming connections, no matter what port? Yes, all parameters prefixed with smtp_ refer to outgoing connections, and all parameters prefixed with smtpd_ refer to incoming connections. -- Pozdrowienia, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
