* Matt Horrocks <m...@polyvisual.co.uk>:
> Hi,
>
> I'm setting up postfix for the first time.
>
> In the UK, the entire sky.com <http://sky.com> ip range is on the
> Spamhaus PBL [http://www.spamhaus.org/pbl/query/PBL251585
> <http://www.spamhaus.org/pbl/query/PBL251585>].
>
> I thought that the main.cf <http://main.cf> below would allow my
> users who happen to be on the sky.com <http://sky.com> network to
> send mail through my server, but it doesn't - sky.com
> <http://sky.com> users get a relay denied error, which I've traced
> to the "smtpd_recipient_restrictions reject_rbl_client
> zen.spamhaus.org" setting.
>
> The users should already be authenticated by
> "smtpd_sender_restrictions permit_sasl_authenticated", so why does
> the "smtpd_recipient_restrictions reject_rbl_client
> zen.spamhaus.org" check stop their mail being sent?
Best practise is to let your local users send using the submission port (587).
Since this port requires SMTP AUTH (by definition) you can let away
restrictions such as RBLs etc. on that port.
p@rick
>
> Thanks,
> Matt
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> home_mailbox = Maildir
> inet_interfaces = all
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination =
> myhostname = server.polyvisual-services.co.uk
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> reject_non_fqdn_sender, reject_non_fqdn_recipient,
> reject_unknown_sender_domain, reject_unknown_recipient_domain,
> reject_unauth_pipelining, permit_mynetworks,
> reject_unauth_destination, reject_rbl_client
> zen.spamhaus.org, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_non_fqdn_sender,
> reject_unknown_sender_domain, permit
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /
> virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
> virtual_mailbox_maps = ldap:/etc/postfix/ldap-maps.cf
> virtual_uid_maps = static:5000
>
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
