Hello again, I just want to confirm before I change this that I'm not missing something that will cause me some pain...
Currently I have all of my restrictions under smtpd_recipient_restrictions, but after seeing some questions about these on the list, I'm thinking that there are two that should be moved. My current restrictions are: smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/moved-employees, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, ## only allow outsourced anti-spam service to send us email check_client_access cidr:/etc/postfix/allowed_clients.cidr, ## custom rejects for x-employees check_recipient_access hash:/etc/postfix/x-employees, ## block certain senders from sending us mail check_sender_access hash:/etc/postfix/blocked_senders I'm thinking it would be better to move the check_client_access check to smtpd_client_restrictions, and the check_sender_access check to smtpd_sender_restrictions, so I'd then have: smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access cidr:/etc/postfix/allowed_clients.cidr, smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/blocked_senders smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/moved-employees, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/x-employees, I'm unsure if the permit_mynetworks and permit_sasl_authenticated checks are necessary under all three - is it sufficient to just have these under recipient_restrictions, or do you need to add them to each when breaking things up like this? Or does this make sense to change this? Would it be better/ok to just leave them all under recipient_restrictions? Tia for any comments/help, -- Best regards, Charles
