On Tuesday 04 August 2009 16:08:06 John King wrote:
>
> My question is - based on several postings where people advise that x line
> should precede y line or be listed after z - with regards to the auth
> sections and recipient restrictions etc etc... Is there a set order in
> which these elements should be listed in main.cf and if so, is that order
> published or available anywhere?

I'm no expert, but I think the answer is no, it depends on policy.

Typically you want to accept authenticated users, and trusted hosts, before checking blocklists. But as more and more spammers use stolen credentials it may be that some folk will refuse known bots before considering authentication credentials, so they will perhaps put the CBL or XBL (lists of known spambots) before anything else.

Similarly some spam checks are far cheaper than others; it makes sense to do the most cost-effective spam tests first (which typically means anything that avoids disk I/O (especially writing) before tests that write to disk).

I have on my personal server for recipients:

    permit_sasl_authenticated,
    permit_mynetworks,
    <blocklists>
    <policy servers>
    reject_unauth_destination

Which I think is pretty typical, but there is probably no right way.

Ralf Hildebrandt has his own configuration and some examples on his site, which are useful for those of us whose brains aren't as fit as they once were.

http://www.arschkrebs.de/postfix/
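
The ordering trade-off discussed in this thread, as an added example (not from the original post and not Postfix's own code): a simplified Python model of first-match evaluation of one restriction list, run against the reply's order and the blocklist-first variant it mentions. The client flags and cost weights are constructed assumptions, and outcomes such as deferrals are not modelled.

```python
# Simplified model (added example) of one Postfix restriction list such as
# smtpd_recipient_restrictions: entries run in order, the first PERMIT or
# REJECT ends the walk, DUNNO falls through to the next entry.
PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"

# name -> (assumed relative cost, decision). Cost weights are illustrative:
# 0 = in-memory test, 1 = DNS blocklist lookup, 5 = policy server round trip.
CHECKS = {
    "permit_sasl_authenticated": (0, lambda c: PERMIT if c["sasl_auth"] else DUNNO),
    "permit_mynetworks": (0, lambda c: PERMIT if c["in_mynetworks"] else DUNNO),
    "reject_rbl_client": (1, lambda c: REJECT if c["on_blocklist"] else DUNNO),
    "check_policy_service": (5, lambda c: REJECT if c["policy_rejects"] else DUNNO),
    "reject_unauth_destination": (0, lambda c: DUNNO if c["rcpt_is_ours"] else REJECT),
}

def evaluate(order, client):
    """Return (decision, restriction that decided, cost spent getting there)."""
    cost = 0
    for name in order:
        weight, check = CHECKS[name]
        cost += weight
        result = check(client)
        if result != DUNNO:
            return result, name, cost
    return PERMIT, "end of list", cost  # nothing objected in this list

# The order from the reply, and the blocklist-first variant it mentions.
AUTH_FIRST = ["permit_sasl_authenticated", "permit_mynetworks", "reject_rbl_client",
              "check_policy_service", "reject_unauth_destination"]
BLOCKLIST_FIRST = ["reject_rbl_client", "permit_sasl_authenticated", "permit_mynetworks",
                   "check_policy_service", "reject_unauth_destination"]

def client(**flags):
    """Build a constructed sample client; every flag defaults to False."""
    base = dict(sasl_auth=False, in_mynetworks=False, on_blocklist=False,
                policy_rejects=False, rcpt_is_ours=False)
    return {**base, **flags}

# Constructed sample clients.
CLIENTS = {
    "listed host, valid SASL login": client(sasl_auth=True, on_blocklist=True),
    "roaming user, valid SASL login": client(sasl_auth=True),
    "outside MTA, mail for our domain": client(rcpt_is_ours=True),
    "outside host, relay attempt": client(),
}

if __name__ == "__main__":
    for label, c in CLIENTS.items():
        for order_name, order in (("auth first", AUTH_FIRST), ("blocklist first", BLOCKLIST_FIRST)):
            print(f"{label:34} {order_name:16} {evaluate(order, c)}")
```

Only the first client gets a different verdict between the two orders; for the others the order changes only how much work is done before the decision.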