Where did you find this list? There are major issues here.
On Thursday 08 December 2011 13:17:44 Peter L. Berghold wrote:
> smtpd_recipient_restrictions =
> permit_mynetworks,
fine ...
> permit_auth_destination,
"If the destination is served by this host, accept the mail."
> reject_unauth_destination,
"If the destination is NOT hosted here, reject the mail."
Nothing goes past this point, ever.
> check_sender_access hash:/etc/postfix/access,
Bad practice to use a file name "access"; name it for the function it
serves and/or the type of lookup: "sender_access" makes sense.
Furthermore, sender address lookups are very ineffective against spam,
if that was the goal in having it here; and unsafe in whitelisting, if
that was the goal.
> permit_sasl_authenticated,
Needs to come before reject_unauth_destination, if it is to have any
use.
> reject_unauth_pipelining,
Okay, except per above that this is never evaluated,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
Even if these were evaluated, you'd never see such messages at this
point.
> reject_unkown_helo_hostname,
Misspelled, and risky even if spelled right.
> reject_invalid_hostname,
Old syntax, but okay. reject_non_fqdn_helo_hostname might help more.
> reject_unknown_hostname,
This is the old syntax for the one you misspelled.
> reject_rbl_client blackholes.easynet.nl,
I'm not familiar with the policies of this list. Are you?
> reject_rbl_client bl.spamcop.net,
Spamcop recommends against being used for outright rejection, it WILL
block some non-spam sometime, because of their automated procedures.
Always ALWAYS know the policies of any third-party service you are
trusting to block mail for you.
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client cbl.abuseat.org,
"It's déjà vu all over again"
> reject_rbl_client dnsbl.njabl.org,
> reject_rbl_client dul.dnsbl.sorbs.net,
These two are probably okay, but did you know that?
> reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
What does this do?
> reject_rbl_client list.dsbl.org,
> reject_rbl_client list.dsbl.org,
> reject_rbl_client multihop.dsbl.org,
"It's déjà vu all over again", and what's worse, DSBL shut down in
2008, over three years ago! Were you following some old howto? That
does not work in email land. Spammers change frequently, as do the
antispam tools at our disposal.
> reject_rbl_client opm.blitzed.org,
I can't remember when this one closed. Before DSBL, I think.
> reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client sbl-xbl.spamhaus.org,
SBL is included in SBL-XBL, and CBL (above) is included in the latter.
In addition, all of these are included in the newer (and recommended)
Zen list.
> permit
The answer to your original question is that permit_auth_destination
prevents any other restrictions from being used.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
