On 28/03/2026 14:14, Jim Seymour via Postfix-users wrote:
On Fri, 27 Mar 2026 01:55:38 +1100
Viktor Dukhovni via Postfix-users <[email protected]> wrote:
[snip]
The simplest thing is often to just block
port 25 messages with an envelope sender in your domains, the SASL
does not actually come into it.
smtpd_sender_restrictions =
check_sender_access inline:{
{ example.com = reject },
{ example.net = reject },
{ example.org = reject }
}
Applies equally to all clients, whether MTAs or MUAs.
You write "block port 25 messages," but does the above rule not apply
to *all* incoming connections, incl. submission and smtps (587 and
465, respectively)?
Regards,
Jim
Not necessarily. For example I have a different set of restrictions for
submission. From master.cf
submission inet n - n - - smtpd
...
-o smtpd_etrn_restrictions=reject
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=submission_client_checks
-o smtpd_sender_restrictions=submission_sender_checks
-o smtpd_recipient_restrictions=submission_recipient_checks
-o smtpd_relay_restrictions=submission_relay_checks
...
John
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
