On Wed, Nov 06, 2024 at 11:57:11AM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
> On 06.11.24 21:14, Viktor Dukhovni via Postfix-users wrote:
> > This is too fragile, you're liable to create an open relay, if any of
> > the sender checks return "OK" based on the sender address alone.
> >
> > I'd instead recommend putting these in
> >
> > smtpd_sender_restrictions
> >
> > which don't imply relay permissions, and rather implement the particular
> > from/to access rules intended.
>
> This reminds me of a question, can check_recipient_access be specified in
> smtpd_sender_restrictions?
>
> I assume works but only when smtpd_delay_reject is enabled (default)
> otherwise the recipient is not known at time smtpd_sender_restrictions are
> processed.
Yes, "smtpd_delay_reject = yes" is needed to examine both sender and
(current) recipient in "smtpd_sender_restrictions", otherwise one can
put the checks in "smtpd_recipient_restrictions".
--
Viktor.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
