On 6/21/2010 10:18 AM, vr wrote:
I know I've got some options set wrong which is why I'm here, but my
postconf -n is currently this:
... not reviewed
When holding most/all restrictions until smtpd_recipient_restrictions,
is there a way to OK a MAIL FROM: sender without becoming an open relay
for those OK'd entries?
Yes. You can safely put anything after
reject_unauth_destination without fear of being an open relay.
See the note at the end of the "dangerous" section
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
But do pay attention to what you're doing.
I would also like to OK a MAIL FROM: sender even if their connecting
client IP is on dnsbl-*.uceprotect.net or doesn't pass a check. Is this
easily do-able without being too dangerous?
Not recommended; better to OK the client's IP if possible.
However, you can use a sender-based whitelist just as easily.
Just make sure the whitelist is after
reject_unauth_destination and before any RBL checks. A
general outline:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
... restrictions for all connections
... local whitelists
... RBLs and other restrictions
-- Noel Jones
