On 1/26/2018 11:47 PM, Voytek wrote: > On Wed, January 24, 2018 3:55 am, Noel Jones wrote: > >> There is no simple regexp, but there is the fqrdns.pcre project. The >> project is a large hand-maintained list of dynamic hostnames with a goal of >> zero false positives. It's not perfect, but it's useful and safe for >> general use. >> >> https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre > > within my current list, where should I add ? > > check_client_access hash:/etc/postfix/whitelist > check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre >
Generally, something like: [restrictions applied to your customers/users] [permit_mynetworks/sasl_authenticated] [reject_unauth_destination] [whitelists for client/sender/recipient exceptions] [local blacklist access lists] [policy services] [DNS blacklists] In some cases there are good reasons to do things differently, but the above suits many people. So generally, you can put it anywhere after reject_unauth_destination and after any whitelists. Just above the first reject_rbl_ is fine. -- Noel Jones > > smtpd_recipient_restrictions =. > reject_unknown_sender_domain, > reject_unknown_recipient_domain,. > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unlisted_recipient, > permit_mynetworks, > check_sasl_access hash:/etc/postfix/sasl_access > permit_sasl_authenticated, > reject_unauth_destination, > check_recipient_access hash:/etc/postfix/recipient_no_checks, > check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, > check_helo_access hash:/etc/postfix/helo_checks, > check_sender_access hash:/etc/postfix/sender_checks, > check_client_access hash:/etc/postfix/client_checks, > check_client_access pcre:/etc/postfix/client_checks.pcre, > reject_rbl_client zen.spamhaus.org, > reject_rhsbl_client dbl.spamhaus.org, > reject_rhsbl_sender dbl.spamhaus.org, > reject_rbl_client psbl.surriel.com, > reject_rbl_client ix.dnsbl.manitu.net, > reject_rbl_client bl.spamcop.net, > >
