On Mon, 25 Aug 2003 14:05:28 -0400, Larry Gilson wrote > Hi Mike, > > > -----Original Message----- > > From: Mike Vanecek > > > > > smtpd_client_restrictions = permit_mynetworks, > > > > reject_rbl_client dnsbl.njabl.org, > > > > reject_rbl_client relays.osirusoft.com, > > > > reject_rbl_client bl.spamcop.net, > > > > reject_rbl_client list.dsbl.org, > > > > reject_unknown_client > > > > > > > > smtpd_helo_restrictions = permit_mynetworks, > > > > reject_invalid_hostname, > > > > reject_unknown_hostname > > > > > > The first permit_mynetworks should win. > > > > I do not want to put that address in mynetworks since I do > > not want to allow that address relay priviledges. I think defining > > the class would probably fix things. > > My point here is that permit_mynetworks is redundant.
OK. Your thought is if none of the rejects hit, then it defaults to permit? My approach says that if it is part of the LAN, then do not do the other tests? I.e., mynetworks = 192.168.1.0/24, 127.0.0.0/8. > Also, I put that > permit last. It is good practice to reject first then permit. > Below is part of my main.cf: > > # These rejects should be permanent, not soft. > unknown_address_reject_code = 554 > unknown_client_reject_code = 554 > unknown_hostname_reject_code = 554 I do not know the difference between the default 450 reject and the 554 reject. [snip] > # Don't wait for RCPT TO: to reject message. > smtpd_delay_reject = no # You may also list any helo, sender or recipient restrictions here. # These will have effect only when smtpd_delay_reject=yes, so that all # restrictions are evaluated at the time of the RCPT TO command. This one confuses me. The doco says the restrictions have effect only when smtpd_delay_reject=yes, yet you set it to no? > check_client_access hash:/etc/postfix/access_client, > check_helo_access hash:/etc/postfix/access_helo, > check_sender_access hash:/etc/postfix/access_sender, > check_recipient_access hash:/etc/postfix/access_recipient, Do you use all of these access files? I assume you use postmap to hash them? These smptd restrictions have cut down significantly the amount of spam that spamassassin must process. ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
