I was hoping someone could take a quick glance at my
smtpd_*_restrictions configurations. While I've read and (re-)read the
SMTPD_ACCESS_README file a few times over I would be greatly
appreciative if someone could sanity check my work.
The goal is, obviously, to (a) block spammers, (b) only allow relaying
/ sending to SASL-authorized users.
-->8--
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
check_policy_service unix:private/policy-spf
reject_unauth_destination
smtpd_recipient_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_non_fqdn_hostname
reject_invalid_hostname
reject_unauth_destination
reject_unauth_pipelining
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rhsbl_sender dsn.rfc-ignorant.org
reject_rhsbl_sender blackhole.securitysage.com
--8<--
An extra pair of eyes that could confirm things look good and things
are as "locked down" as possible (both in terms of relaying *and*
dealing with blacklisted IPs) would be greatly appreciated.
Thanks!
