On 11/2/2011 2:33 PM, Simon Brereton wrote: >> The checks "above" permit_mynetworks and permit_sasl_authenticated >> are checks you want applied to your networks and authenticated >> users. Generally it's better to put those checks in >> smtpd_sender_restrictions. > > But I thought the recommended best practice was > to have it all in smtpd_recipient_restrictions.. :(
That's a guideline, not a best practices -- big difference. If you want to apply some restriction to ALL connections -- both your own senders and outside mail -- it makes sense to put it in a different section. And mostly applies to access tables (check_*_access) since those must be handled carefully. > > So if I take them out of there, and add in: > > smtpd_sender_restrictions = reject_unknown_sender_domain, > reject_unknown_recipient_domain, permit > > it won't break anything? Won't make me an open relay and won't make a > backscatterer? again, the final "permit" is unnecessary. Should be fine, and it certainly won't make you an open relay. -- Noel Jones
