On 23 January 2011 10:15, mouss <mo...@ml.netoyen.net> wrote:
> On 23/01/2011 03:45, IT geek 31 wrote:
>> A recent poster asked for configuration to be checked, and it has made
>> me question my own sender and recipient restrictions:
>>
>> smtpd_sender_restrictions =
>>     permit_sasl_authenticated,
>>     permit_mynetworks,
>>     check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
>>     reject_non_fqdn_sender,
>>     reject_unknown_sender_domain,
>>     reject_unknown_address,
>>     permit
>>
>> smtpd_recipient_restrictions =
>>     permit_sasl_authenticated,
>>     permit_mynetworks,
>>     reject_unauth_destination,
>>     check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
>>     reject_unauth_pipelining,
>>     reject_non_fqdn_recipient,
>>     reject_unknown_recipient_domain,
>>     reject_rbl_client zen.spamhaus.org,
>>     check_policy_service inet:127.0.0.1:10023,
>>     permit
>>
>> Having looked at my recipient restrictions, I see that I am checking
>> my sender_access again.  Is this right?
>>
>
> it works but is useless.

I think I remember why I put it in there.  My sender_access file
primarily defines a list of friendly addresses which I do not want to
be policy checked.  The idea is that if an address is found in this
list, it skips past any further checks.

> you can remove smtpd_sender_restrictions and put all your checks under
> smtpd_recipient_restrictions, something like this

My understanding of postconf(5) is that smtpd_sender_restrictions
applies to the MAIL FROM command.  For example I have an access file
which contains my two friends, Richard and Bill:

bill.clin...@whitehouse.gov   OK
richard.ni...@whitehouse.gov   REJECT

I also understand smtpd_recipient_restrictions applies to the RCPT TO
command.  So if I remove that check from smtpd_sender_restrictions and
add it to smtpd_recipient_restrictions, then mails from Richard will
get through.

>
> smtpd_recipient_restrictions =
>     permit_sasl_authenticated
>     permit_mynetworks
>     reject_unauth_destination
>     reject_non_fqdn_sender
>     reject_non_fqdn_recipient
>     #reject_unlisted_sender
>     #reject_unlisted_recipient
>     reject_unauth_pipelining
>     check_sender_access hash:/usr/pkg/etc/postfix/sender_access
>     reject_unknown_sender_domain
>     reject_unknown_recipient_domain
>     reject_rbl_client zen.spamhaus.org
>     check_policy_service inet:127.0.0.1:10023
>
>> Should I replace this with:
>>
>>     check_recipient_access hash:/usr/pkg/etc/postfix/recipient_access
>>
>> And create a file listing valid users who can receive mail?
>
> the list of valid recipients should already be there.

Where?  I don't think I have defined this anywhere.

> you can comment out the lines
>        reject_unlisted_sender
>        reject_unlisted_recipient
> in the example above to reject invalid senders/recipients soon enough.
>
> you can of course add a check_recipient_access line to add checks on
> recipients.
>
>>  I have
>> read postconf(5) and that is my understanding.
>>
>> Any thoughts?
>
>

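Added example (not part of the original thread, and not Postfix code): a simplified Python model of how Postfix evaluates the restriction lists quoted above, assuming smtpd_delay_reject = yes (the default), so the MAIL FROM address is already known when the lists run at RCPT TO. The addresses, the `rbl_and_policy` stand-in and all function names are constructed for illustration.

```python
# Simplified model of Postfix smtpd access-list evaluation (constructed example).
# Assumptions: smtpd_delay_reject = yes, the client is neither SASL-authenticated
# nor in mynetworks, and only the restrictions relevant to the thread are modelled.

# Constructed sender_access table; the thread's real addresses are elided.
SENDER_ACCESS = {"friend@example.org": "OK", "blocked@example.org": "REJECT"}

def check_sender_access(ctx):
    # Looks up the MAIL FROM address, whichever list it is placed in.
    return SENDER_ACCESS.get(ctx["sender"], "DUNNO")

def reject_unauth_destination(ctx):
    return "DUNNO" if ctx["rcpt_local"] else "REJECT"

def rbl_and_policy(ctx):
    # Hypothetical stand-in for reject_rbl_client + check_policy_service.
    return "REJECT" if ctx["client_listed"] else "DUNNO"

def run_list(restrictions, ctx):
    """First OK or REJECT ends this list; DUNNO moves to the next restriction."""
    for restriction in restrictions:
        result = restriction(ctx)
        if result != "DUNNO":
            return result
    return "OK"  # reaching the end of a list means permit

def smtpd(lists, ctx):
    """A REJECT in any list refuses the recipient; OK only ends its own list."""
    for lst in lists:
        if run_list(lst, ctx) == "REJECT":
            return "REJECT"
    return "OK"

# [sender restrictions, recipient restrictions] for three layouts from the thread.
SENDER_ONLY = [[check_sender_access], [reject_unauth_destination, rbl_and_policy]]
BOTH = [[check_sender_access],
        [reject_unauth_destination, check_sender_access, rbl_and_policy]]
MERGED = [[reject_unauth_destination, check_sender_access, rbl_and_policy]]

def verdict(lists, sender, client_listed=False, rcpt_local=True):
    ctx = {"sender": sender, "client_listed": client_listed, "rcpt_local": rcpt_local}
    return smtpd(lists, ctx)
```

In this model an OK from the sender list does not skip the RBL and policy checks in the recipient list, while a sender REJECT takes effect wherever the lookup is placed. Keeping the lookup after reject_unauth_destination means an OK entry cannot turn the server into a relay for that sender.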