On Mon, 17 Aug 2009, Martijn de Munnik wrote: > On Mon, 2009-08-17 at 12:46 +0200, Ralf Hildebrandt wrote: > > * Martijn de Munnik <[email protected]>: > > > > > > Do you have a caching DNS server? > > > > > > Yes, but still things can go wrong and I don't want a failing DNS lookup > > > to be fatal. > > > > Postfix always returns a 4xx in case of such failures > > > > > As far as I know it does. But I see it is also included in > > > xbl.spamhaus.org. > > > > Rather use zen.spamhaus.borg > I was referring to xbl because I use policyd-weight. policyd-weight > includes the spamhaus zones (http://www.policyd-weight.org/) > > > > > Mmm, I think I need to read the manual to really understand where all > > > those rejects/permits belong. > > > > I'd put them all into smtpd_recipient_restrictions #:) > > http://www.postfix.org/SMTPD_ACCESS_README.html#danger
Oh please. Mitigating that danger is trivial; just follow the instructions lower in that same document: In order to avoid surprises like these with smtpd_recipient_restrictions, you should place non-recipient restrictions AFTER the reject_unauth_destination restriction, not before. -- Sahil Tandon <[email protected]>
