On Tue, May 28, 2024 at 08:18:06PM -0400, John Hill via Postfix-users wrote:
> -o
> smtpd_recipient_restrictions=permit_sasl_authenticated,reject_rbl_client=zen.spamhaus,org=127.0.0.4,reject
>
> > I added and = after reject_rbl_client=
That's wrong, in multiple ways.
0. The RBL check should come first.
1. "reject_rbl_client" is separated from the DNS name and optional
"=<IP>" suffix by whitespace or commas.
2. Note the "," instead of "." before "org".
The correct definition is:
-o { smtpd_recipient_restrictions = reject_rbl_client
zen.spamhaus.org=127.0.0.4, permit_sasl_authenticated, reject }
You can split it over multiple logical (indented) lines for readability:
-o { smtpd_recipient_restrictions =
reject_rbl_client zen.spamhaus.org=127.0.0.4,
permit_sasl_authenticated,
reject }
The "permit_sasl_authenticated" is not optional. If you want to enforce
a matching sender address based on the SASL login, you then need:
-o { smtpd_recipient_restrictions =
reject_rbl_client zen.spamhaus.org=127.0.0.4,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject }
in that order.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
