On 9/9/2011 4:00 μμ, Wietse Venema wrote:
If you don't use permit_mynetworks at all (check with: "postconf | grep permit_mynetworks"), then mynetworks can be empty.
Thanks Wietsie, mynetworks = 127.0.0.1/32 [::1]/128 seems the right solution.In fact I am using permit_mynetworks as the first entry in smtpd_recipient_resctrictions. It seems it doesn't make any sense there, so I can remove it?
Also, should the above mynetworks setting cover postscreen needs (since postscreen_access_list = permit_mynetworks)?
# postconf | grep permit_mynetworks postscreen_access_list = permit_mynetworkssmtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, permit
Also: # postconf | grep postscreen postscreen_access_list = permit_mynetworks postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_bare_newline_ttl = 30d postscreen_blacklist_action = ignore postscreen_cache_cleanup_interval = 12h postscreen_cache_map = btree:$data_directory/postscreen_cache postscreen_cache_retention_time = 7dpostscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps =
$smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = enforce postscreen_dnsbl_reply_map =postscreen_dnsbl_sites = b.barracudacentral.org*2, zen.spamhaus.org*2, psbl.surriel.com*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
Thanks,
Nick
smime.p7s
Description: S/MIME Cryptographic Signature
