RE: [SAtalk] Override postfix uce reject of spamassassin-talk-adm in?

Mon, 25 Aug 2003 18:48:23 +0000 

Hi Mike,

> -----Original Message-----
> From: Mike Vanecek

> > > smtpd_client_restrictions = permit_mynetworks,
> > >     reject_rbl_client dnsbl.njabl.org,
> > >     reject_rbl_client relays.osirusoft.com,
> > >     reject_rbl_client bl.spamcop.net,
> > >     reject_rbl_client list.dsbl.org,
> > >     reject_unknown_client
> > > 
> > > smtpd_helo_restrictions = permit_mynetworks,
> > >      reject_invalid_hostname,
> > >      reject_unknown_hostname
> > 
> > The first permit_mynetworks should win.
> 
> I do not want to put that address in mynetworks since I do 
> not want to allow that address relay priviledges. I think defining
> the class would probably fix things.

My point here is that permit_mynetworks is redundant.  Also, I put that
permit last.  It is good practice to reject first then permit.  Below is
part of my main.cf:

# These rejects should be permanent, not soft.
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554

# Require HELO or EHLO at begining of SMTP session.
smtpd_helo_required = yes

# Require RFC 821 compliant envelopes
strict_rfc821_envelopes = yes

# Don't wait for RCPT TO: to reject message.
smtpd_delay_reject = no

# SMTPd restrictions
smtpd_client_restrictions = 
        check_client_access hash:/etc/postfix/access_client,
        reject_unauth_pipelining

smtpd_helo_restrictions = 
        check_helo_access hash:/etc/postfix/access_helo,
        reject_invalid_hostname
        reject_non_fqdn_hostname

smtpd_sender_restrictions = 
        check_sender_access hash:/etc/postfix/access_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender

smtpd_recipient_restrictions = 
        check_recipient_access hash:/etc/postfix/access_recipient,
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
        permit_mynetworks,
        reject_unauth_destination

# Header/body filter.  Using Merlin.  Keep for potential use.
# ** DO NOT ** change the filenames!
header_checks = regexp:/etc/postfix/header_checks
#body_checks = regexp:/etc/postfix/body_checks

--Larry



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to