On 1 November 2011 18:53, Noel Jones <[email protected]> wrote: > On 11/1/2011 1:31 PM, Simon Brereton wrote: >> On 31 October 2011 15:16, Noel Jones <[email protected]> wrote: >>> On 10/31/2011 12:31 PM, Simon Brereton wrote: >>>> Googling led me to this thread: >>>> http://comments.gmane.org/gmane.mail.postfix.user/210413 >>>> >>>> But I don't understand how [email protected] is not owned by >>>> [email protected] >>> >>> Apparently this user didn't authenticate. >>> You define who owns what address in smtpd_sender_login_maps. There >>> are no "automatic" mappings. >> >> Okay, so without smtpd_sender_login_maps those restrictions are worthless, >> yes? > > Right. You must define the user <-> sender address mapping.
>> ## SPAM STUFF and REJECT CODES ## >> smtpd_recipient_restrictions = >> reject_non_fqdn_sender, >> reject_non_fqdn_recipient, >> permit_sasl_authenticated, >> check_helo_access hash:/etc/postfix/helo_checks, >> permit_mynetworks, >> reject_unauth_destination, >> reject_unlisted_recipient, >> check_recipient_access hash:/etc/postfix/laxdomains, (this is >> one domain I host that doesn't want the checking done below) >> check_client_access hash:/etc/postfix/ip_whitelist, >> reject_invalid_helo_hostname, >> reject_non_fqdn_helo_hostname, >> reject_unknown_helo_hostname, >> reject_unknown_sender_domain, >> reject_unknown_recipient_domain, >> >> Jim Seymour has these two ABOVE permit_mynetworks - which I can see >> for the sender_domain, but if the recipient_domain was above >> permit_mynetworks, then wouldn't postfix reject everything that wasn't >> in $mydestination? So, should it be above or below? And surely if it >> should be above, then so should the helo_hostname checks, no? > > The checks "above" permit_mynetworks and permit_sasl_authenticated > are checks you want applied to your networks and authenticated > users. Generally it's better to put those checks in > smtpd_sender_restrictions. Gah. There's like 5 people on this list I force myself to obey and you're one of them... But I thought the recommended best practice was to have it all in smtpd_recipient_restrictions.. :( So if I take them out of there, and add in: smtpd_sender_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, permit it won't break anything? Won't make me an open relay and won't make a backscatterer? Simon
