Hello, I'm running Postfix 3.3. I'm thinking I've got an issue with my smtpd* restrictions, either doing double work or not ordered right, or just not optimized. Can someone take a look and see if anything stands out as being off?
Thanks.
Dave.

master.cf (service excerpt):

submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=mysql:/usr/local/etc/postfix/db/sender-login-maps.cf
  -o tls_preempt_cipherlist=yes

main.cf (smtpd* restrictions):

strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_reject_unlisted_sender = yes
show_user_unknown_table_name = no
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554

# Conditions in which Postfix works as a relay. (for mail user clients)
smtpd_relay_restrictions =
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_helo_access hash:/usr/local/etc/postfix/helo_access,
    ,check_helo_access pcre:/usr/local/etc/postfix/helo_checks
    ,check_sender_mx_access cidr:/usr/local/etc/postfix/bogus_mx
    check_sender_access hash:/usr/local/etc/postfix/safe_addresses
    check_sender_access hash:/usr/local/etc/postfix/auto-whtlst
    check_client_access cidr:/usr/local/etc/postfix/spamfarms
    check_client_access cidr:/usr/local/etc/postfix/sinokorea.cidr
    check_recipient_access mysql:/usr/local/etc/postfix/db/recipient-access.cf
    permit_dnswl_client list.dnswl.org=127.0.[2..14].[1..3]
    check_reverse_client_hostname_access pcre:/usr/local/etc/postfix/fqrdns.pcre
    reject_unknown_reverse_client_hostname
    reject_non_fqdn_sender
    # The below commented lines were commented to make outlook work
    #reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    #reject_unknown_helo_hostname
    reject_unlisted_recipient
    reject_rhsbl_client dbl.spamhaus.org
    reject_rhsbl_sender dbl.spamhaus.org
    reject_rhsbl_helo dbl.spamhaus.org
    check_policy_service unix:private/spf-policy
    check_policy_service unix:private/dovecot-quota

# Restrictions for all sending foreign servers ("SMTP clients")
smtpd_client_restrictions =
    permit_mynetworks
    check_client_access hash:/usr/local/etc/postfix/without_ptr
    reject_unknown_client_hostname

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_helo_hostname
    # The below lines were commented to make outlook work
    #reject_non_fqdn_helo_hostname
    #reject_unknown_helo_hostname

# Block clients, which start sending too early
smtpd_data_restrictions = reject_unauth_pipelining

# Restrictions for MUAs
#mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
#mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
#mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject