On Fri, Feb 02, 2024 at 08:26:20AM +0300, Mark via Postfix-users wrote:
> I'm trying to adjust my smtpd_recipient_restrictions so that any emails
> coming to a non-existent account on my server would be rejected BEFORE the
> attempt reaches RBLs/RBL queries.
If you're using Postfix 3.6 or later, you probably have a "yes" setting
for:
smtpd_relay_before_recipient_restrictions = ${{$compatibility_level} <level
{3.6} ? {no} : {yes}}
which means, that your relay restriction would already reject mail to
unauthorised destinations, obviating the need for
"reject_unauth_destination" in:
...
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
...
in the list of rules for smtpd_recipient_restrictions (provided you've
not "cleared" your relay restrictions).
But of course a belt-and-suspenders approach is harmless and in this
case also cheap to check.
> Thus, before I activate my settings, I wanted to ask for your opinions, so
> here how it goes;
>
> smtpd_recipient_restrictions =
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname,
> reject_unlisted_recipient,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
...
This looks fine.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
