On Friday 30 October 2009 09:52:44 Simon Morvan wrote: > Hello folks, > > I've got some checks setup like that : > > smtpd_recipient_restrictions = > reject_non_fqdn_sender, > reject_unknown_sender_domain, > reject_non_fqdn_recipient, > reject_unknown_recipient_domain, > permit_mynetworks, > reject_unauth_destination, > reject_invalid_helo_hostname, > reject_non_fqdn_helo_hostname, > check_helo_access pcre:/etc/postfix/helo_checks.pcre, > check_sender_access hash:/etc/postfix/white_senders, > check_client_access hash:/etc/postfix/white_clients, > check_recipient_access hash:/etc/postfix/white_recipients, > reject_rbl_client sbl-xbl.spamhaus.org,
Consider Zen here. It also incorporates the (not-quite-so) new PBL, which has been very effective here. > reject_rhsbl_sender dsn.rfc-ignorant.org, > check_policy_service inet:10.18.0.100:60000, > > I notice that event if the recipient address doesn't exists, the > check_policy_service (greylist) got evaluated, causing higher load than > needed. Isn't reject_unauth_destination there to block inexistent > recipients ? If the load of a policy service is a problem for you, you should consider increasing your resources, i.e., throw more money at it. :) That notwithstanding, I know that's not your real question, which appears to be confusion of reject_unauth_destination with reject_unlisted_recipient; see: http://www.postfix.org/postconf.5.html#reject_unlisted_recipient -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header