Re: Question about smptd_sender_logins_map and allow to use

Sun, 15 Feb 2009 06:07:03 -0800 

Ali Nebi a écrit :
> [snip]
> 
> smtpd_client_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         check_client_access hash:/etc/postfix/access,

you are "sharing" this map (for client, sender, and recipient). better
use "dedicated" maps (access_client, access_sender, access_recipient).

>         reject_unauth_pipelining,
> #       reject_unknown_client,
>         reject_rbl_client sbl-xbl.spamhaus.org,

consider using zen.spmahaus.org instead (this

>         reject_rbl_client rbl-plus.mail-abuse.org,

I wouldn't use this one. not onlybecause it's commercial...

>         reject_rbl_client cbl.abuseat.org,

cbl prefer that you query spamhaus instead.

> [snip]
> 
> smtpd_recipient_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         check_recipient_access hash:/etc/postfix/access,
>       check_sender_access hash:/etc/postfix/access,

it is still here (up). and this is before reject_unauth_destination.

>         reject_unauth_destination,
>         reject_unknown_recipient_domain,
>         reject_non_fqdn_recipient,

at this point, the recipient is in _your_ domain (because
reject_unauth_destination has alreday rejected all other domains). so
this check is useless.

>         reject_unauth_pipelining,

this too is useless here. put it under smtpd_data_restrictions.

>         permit
> 
> ?
> 

consider starting from the "version" below and

smtpd_helo_required = yes
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =


smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_sender_login_mismatch
        reject_invalid_hostname
        reject_non_fqdn_hostname
        check_recipient_access hash:/etc/postfix/access_recipient
        check_client_access cidr:/etc/postfix/access_client
        check_helo_access hash:/etc/postfix/access_helo
        check_sender_access hash:/etc/postfix/access_sender
        reject_unknown_sender_domain
        reject_rbl_client zen.spamhaus.org,


smtpd_data_restrictions =
        reject_unauth_pipelining

PS. note the access_sender and access_recipient maps.

(I wonder why your Evolution posts to my From: address instead of the
Reply-To: address. did you do anything special or is this the default
behaviour of Evolution, in which case, it would be a bug).

Reply via email to