On Thu, Apr 07, 2011 at 11:43:55AM -0400, Wietse Venema wrote: > G�bor L�n�rt: > > Hi, > > > > I have the idea to simply put "permit" at the end of > > smtpd_recipient_restrictions. No, I don't want open relay :) but I do all > > the checks to make it secure in sender_recipient_restrictions. Postfix > > nicely wants to change my mind about this idea. So my question that: > > You have not understood what Postfix requires. > > Postfix does not care what you put AT THE END of > sender_recipient_restrictions. > > Instead, Postfix requires that you have one or more of (reject, > reject_unauth_destination, etc.) SOMEWHERE in > sender_recipient_restrictions.
I have the needed rejects at the sender, but not at the recipient, because I have the idea that if I reject "unwanted" things at the sender, I am safe not to do the same restrictions at the recipient restrictions. The whole issue is because I want to reject things as soon as possible (heavy traffic), so I would accept sasl authenticated users at sender restrictions, also some clients by IP and yes, then reject for the rest. But why I need to do this again at recipient restriction, when I've already did at sender? As far as I can guess, you can't do RCPT TO before giving valid and accepted MAIL FROM, so my theory is safe, but I am not 100% sure. Anyway what I can do to be "not so tricky" to do the same checks (permit_sasl_authenticated and by IP too) again in recipient restrictions _too_, but then I do the same checks at sender and recipient (or even more if I have more recipients) which involves ldap, mysql and a cidr table lookup too (as I have different data sources I need to check). Surely, I don't want to argue with you, I am only curious that my solution is secure at all to use, I can do my theory (I think) if I use static:OK, reject at recipient to make postfix feel nice about my restrictions, but it's ugly and maybe not secure either? thanks!
