On 6/24/2011 11:47 PM, Rich Wales wrote:
> Now I understand why this is failing. I guess I'm going to need to do
> something different with my SMTPD restrictions -- possibly move all my
> existing client restrictions to be at the end of my list of recipient
> restrictions (after reject_unauth_destination).
>
> Rich Wales
> [email protected]

It's often recommended to put all restrictions under
smtpd_recipient_restrictions to keep life simpler.

Basic format...

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    ... whitelists here ...
    ... local restrictions here ...
    ... greylist (if you use it) here ...
    ... rbl checks here ...

The general idea is:
- allow authorized clients
- reject relay attempts
- whitelist anything that needs whitelisting. Since all the
  restrictions are here, you don't need to worry about multiple
  whitelists in multiple locations.
- local restrictions to reject mail you _know_ you want to
  reject, such as local check_*_access blacklists, built-in
  restrictions, etc.
- greylist clients you don't have a relationship with.
- RBL checks last since they are the most expensive (in terms
  of time spent).

Using this simple framework can yield moderately complex
restrictions, with thousands of (valid) variations, and still
be readable to the average familiar-but-not-expert postfix admin.

  -- Noel Jones
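
An added example, not part of the original messages and not Postfix's own tooling: a small Python lint that reads smtpd_recipient_restrictions from a main.cf fragment and reports entries that break the order laid out in the reply above, in particular any check that runs ahead of reject_unauth_destination. The sample fragment, table path, DNSBL name and policy-service address are constructed, and treating check_policy_service as the greylisting step is an assumption.

```python
import re

# Stage of each restriction in the order the reply recommends; unlisted names
# (check_*_access tables, built-in rejects) count as stage 2, whitelist/local.
TIER = {"permit_mynetworks": 0, "permit_sasl_authenticated": 0,
        "reject_unauth_destination": 1,
        "check_policy_service": 3,   # assumption: used as the greylisting daemon
        "reject_rbl_client": 4, "reject_rhsbl_client": 4, "reject_rhsbl_sender": 4}
STAGE = ["authorized-client", "relay", "whitelist/local", "greylist", "RBL"]

# Constructed main.cf fragment with two ordering mistakes.
SAMPLE = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_whitelist,
    reject_unauth_destination,
    reject_rbl_client dnsbl.example.org,
    check_policy_service inet:127.0.0.1:10023
smtpd_helo_required = yes
"""

def restrictions(main_cf, param="smtpd_recipient_restrictions"):
    """Return [name, argument] pairs for param; continuation lines are joined."""
    lines = [l for l in main_cf.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    found = re.findall(rf"^{re.escape(param)}[ \t]*=(.*(?:\n[ \t].*)*)",
                       "\n".join(lines), re.M)
    out = []
    for tok in re.split(r"[,\s]+", found[-1] if found else ""):
        if re.fullmatch(r"[a-z_]+", tok):
            out.append([tok, None])      # a restriction name
        elif tok and out:
            out[-1][1] = tok             # its table, service or DNSBL argument
    return out

def lint(items):
    """Report restrictions that are out of the recommended order."""
    names = [n for n, _ in items]
    if "reject_unauth_destination" not in names:
        return ["reject_unauth_destination is missing"]
    relay, highest, findings = names.index("reject_unauth_destination"), 0, []
    for i, name in enumerate(names):
        t = TIER.get(name, 2)
        if i < relay and t >= 2:         # an OK here would skip the relay check
            findings.append(f"{name} runs before reject_unauth_destination")
            continue
        if t < highest:
            findings.append(f"{name} ({STAGE[t]}) comes after a {STAGE[highest]} check")
        highest = max(highest, t)
    return findings

if __name__ == "__main__":
    print("\n".join(lint(restrictions(SAMPLE))))
```
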