30.05.2010 15:58, Jeroen Geilman wrote:
On 05/30/2010 01:29 PM, Jarrod Neven wrote:
[]
#postconf -n
config_directory = /etc/postfix
mail_owner = postfix
setgid_group = postdrop
smtpd_client_restrictions = check_sender_access
hash:/etc/postfix/restricted_senders
check_sender_access does not work here; remove it.
It does, with smtpd_delay_reject = yes
smtpd_delay_reject = no
You NEED this to be "yes".
If you NEED this to be "yes" it does not mean everyone
else needs the same. I set it to no in 1998.
smtpd_recipient_restrictions = check_sender_access
hash:/etc/postfix/restricted_senders
That is not sufficient by a long shot.
Take a look at the UCE cheat sheet (google for it!)
The term "sufficient" may mean different things depending
on the goals. Depending on the contents of restricted_senders
table it may be pretty well actually, provided that table
has a reasonable default entry.
smtpd_restriction_classes = local_only
I don't know who told you to set this, but - don't. leave options you
don't understand well enough alone.
He said right at the beginning that he's implementing restriction
classes according to RESTRICTION_CLASS_README, and asked for help
with that.
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/restricted_senders
This is the first instance where sender checks can be applied.
Only with smtpd_delay_reject=yes. But indeed, with smtpd_delay_reject=no
(his setting) it makes little sense.
But continuing your own way, I'd say don't recommend
people anything if you don't understand it... ;)
As of the original question, using "static:reject" for
smtpd_recipient_restrictions will make postfix reject just
everything. If it does not work, well, smtpd uses different
config file, that's the only reasonable explanation which I
can think of. Try running it with -v flag in master.cf.
/mjt