On Tue, May 28, 2024 at 08:18:06PM -0400, John Hill via Postfix-users wrote:
> -o > smtpd_recipient_restrictions=permit_sasl_authenticated,reject_rbl_client=zen.spamhaus,org=127.0.0.4,reject > > > I added and = after reject_rbl_client= That's wrong, in multiple ways. 0. The RBL check should come first. 1. "reject_rbl_client" is separated from the DNS name and optional "=<IP>" suffix by whitespace or commas. 2. Note the "," instead of "." before "org". The correct definition is: -o { smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.4, permit_sasl_authenticated, reject } You can split it over multiple logical (indented) lines for readability: -o { smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.4, permit_sasl_authenticated, reject } The "permit_sasl_authenticated" is not optional. If you want to enforce a matching sender address based on the SASL login, you then need: -o { smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.4, reject_sender_login_mismatch, permit_sasl_authenticated, reject } in that order. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org