Patrick Ben Koetter <p...@sys4.de> wrote:
> * Matt Horrocks <m...@polyvisual.co.uk>:
>> Hi,
>>
>> I'm setting up postfix for the first time.
>>
>> In the UK, the entire sky.com IP range is on the Spamhaus PBL
>> [http://www.spamhaus.org/pbl/query/PBL251585].
>>
>> I thought that the main.cf below would allow my users who happen to
>> be on the sky.com network to send mail through my server, but it
>> doesn't - sky.com users get a relay denied error, which I've traced
>> to the "smtpd_recipient_restrictions reject_rbl_client
>> zen.spamhaus.org" setting.
>>
>> The users should already be authenticated by
>> "smtpd_sender_restrictions permit_sasl_authenticated", so why does
>> the "smtpd_recipient_restrictions reject_rbl_client
>> zen.spamhaus.org" check stop their mail being sent?
>
> Best practice is to let your local users send using the submission port
> (587).
> Since this port requires SMTP AUTH (by definition) you can let away
> restrictions such as RBLs etc. on that port.
>
> p@rick
>
>>
>> Thanks,
>> Matt
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> home_mailbox = Maildir
>> inet_interfaces = all
>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> mydestination =
>> myhostname = server.polyvisual-services.co.uk
>> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = /etc/mailname
>> readme_directory = no
>> recipient_delimiter = +
>> relayhost =
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> smtpd_helo_required = yes
>> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>     reject_non_fqdn_sender, reject_non_fqdn_recipient,
>>     reject_unknown_sender_domain, reject_unknown_recipient_domain,
>>     reject_unauth_pipelining, permit_mynetworks,
>>     reject_unauth_destination, reject_rbl_client
>>     zen.spamhaus.org, permit
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot
>> smtpd_sender_restrictions = permit_sasl_authenticated,
>>     permit_mynetworks, reject_non_fqdn_sender,
>>     reject_unknown_sender_domain, permit
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>> virtual_gid_maps = static:5000
>> virtual_mailbox_base = /
>> virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
>> virtual_mailbox_maps = ldap:/etc/postfix/ldap-maps.cf
>> virtual_uid_maps = static:5000
>>
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, District Court München: HRB 199263
> Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
> Chairman of the supervisory board: Joerg Heidrich

Thanks for your assistance. The users all send through port 587, so I'll add the following to the submission section of master.cf:

  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
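
Added example (not part of the original thread, and not Postfix code): a simplified Python model of how smtpd walks its restriction lists, run over the lists quoted above and the submission override from the reply. It assumes a client IP that is on the RBL and outside mynetworks; the function and field names are made up for illustration.

```python
# Simplified model of Postfix smtpd restriction lists (names are illustrative).
# Assumption: restrictions not modelled here (reject_non_fqdn_sender, ...) never match.
STAGES = ("client", "helo", "sender", "recipient")

def check(name, s):
    """Return 'permit', 'reject' or None (no decision) for one restriction."""
    if name == "permit_sasl_authenticated":
        return "permit" if s["authenticated"] else None
    if name == "permit_mynetworks":
        return "permit" if s["in_mynetworks"] else None
    if name == "reject_unauth_destination":  # mail to a domain we host passes
        return None if s["rcpt_hosted_here"] else "reject"
    if name.startswith("reject_rbl_client"):
        return "reject" if s["client_on_rbl"] else None
    return name if name in ("permit", "reject") else None

def evaluate(lists, s):
    """A permit ends only the current list; a reject ends the transaction."""
    for stage in STAGES:
        for name in lists.get(stage, []):
            verdict = check(name, s)
            if verdict == "reject":
                return ("reject", stage, name)
            if verdict == "permit":
                break
    return ("accept", None, None)

# Lists from the main.cf quoted above.
MAIN_CF = {
    "helo": ["permit_mynetworks", "reject_invalid_hostname", "permit"],
    "sender": ["permit_sasl_authenticated", "permit_mynetworks",
               "reject_non_fqdn_sender", "reject_unknown_sender_domain",
               "permit"],
    "recipient": ["permit_sasl_authenticated", "reject_non_fqdn_sender",
                  "reject_non_fqdn_recipient", "reject_unknown_sender_domain",
                  "reject_unknown_recipient_domain", "reject_unauth_pipelining",
                  "permit_mynetworks", "reject_unauth_destination",
                  "reject_rbl_client zen.spamhaus.org", "permit"],
}
# The -o smtpd_client_restrictions override replaces only the client list.
SUBMISSION = dict(MAIN_CF, client=["permit_sasl_authenticated", "reject"])

def session(authenticated, rcpt_hosted_here):
    """Constructed sample session: client outside mynetworks, IP on the RBL."""
    return {"authenticated": authenticated, "in_mynetworks": False,
            "client_on_rbl": True, "rcpt_hosted_here": rcpt_hosted_here}

if __name__ == "__main__":
    print(evaluate(MAIN_CF, session(False, True)))
```

In this model a permit in the sender list does not carry over to the recipient list: the anonymous session is still rejected by reject_rbl_client there, while an authenticated session is accepted by the first entry of the recipient list.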