Todd A. Jacobs a écrit :
> On Wed, Jan 21, 2009 at 10:54:49AM -0800, Todd A. Jacobs wrote:
>
>> I'm using postfix as a smarthost to forward mail through my upstream
>> ISP. Is there any way to have postfix resolve the MX record of the
>> destination domain and block outgoing mail on that basis?
>
> So far, this is what I have in my restrictions section:
>
> smtpd_helo_required = yes
> smtpd_delay_reject = yes
> smtpd_client_restrictions =
> check_recipient_access hash:/etc/postfix/recipient_access
> check_client_access hash:/etc/postfix/domain_access
> check_helo_access hash:/etc/postfix/helo_access
> reject_invalid_helo_hostname
> reject_non_fqdn_helo_hostname
> reject_unknown_helo_hostname
> reject_unknown_sender_domain
> reject_rbl_client sbl-xbl.spamhaus.org
> reject_rbl_client postmaster.rfc-ignorant.org
> permit_mynetworks
> reject_unauth_destination
> check_policy_service inet:127.0.0.1:60000
> smtpd_sender_restrictions =
> check_sender_access hash:/etc/postfix/sender_access
> smtpd_error_sleep_time = 5
> smtpd_soft_error_limit = 2
> smtpd_recipient_restrictions =
> check_recipient_mx_access hash:/etc/postfix/outbound_mx
>
The setting for smtpd_recipient_restrictions is invalid. your logs will
tell you. Hint: postfix will prevent you from becoming an open relay.
try this:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_recipient_mx_access hash:/etc/postfix/outbound_mx
> However, the following in outbound_mx doesn't seem to block the outbound
> mail:
>
> smtp.secureserver.net REJECT
>
> What am I doing wrong here?
>
