Hello list,

Thanks for the info, in a different thread I also saw a reference to http://postfix.1071664.n5.nabble.com/smtpd-recipient-restrictions-Best-Practices-td10171.html and it helped me to modify my config. In addition I upgraded to Postfix 2.9.3 because I want to start using permit_dnswl_client as well.

It seems to work as expected, but I have the uncomfortable feeling that I still missed something crucial...


Please show your "postconf -n" output for further help.


Are there any bad mistakes in the following config, in particular regarding smtpd_recipient_restrictions and related settings?

Thank you for your help,
Lucas

# postconf -nf

# Reviewer annotations: every line starting with '#' below was added to the
# pasted "postconf -nf" output; the parameter lines themselves are unchanged.
# postconf -n lists only non-default settings, so anything absent is at its
# built-in default unless master.cf overrides it (master.cf is not shown).
alias_database = $alias_maps
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
# VRFY is disabled, so the SMTP server cannot be used to probe for valid
# addresses with that command.
disable_vrfy_command = yes
inet_interfaces = all
# An empty local_recipient_maps turns off the SMTP server's rejection of
# unknown local recipients for the domains in mydestination
# (list.ecompass.nl). Mail for nonexistent local addresses is then accepted
# and bounced afterwards, which can produce backscatter to forged senders.
# NOTE(review): the reason for emptying it is not visible here; confirm it is
# intentional, otherwise list the tables that hold the valid local recipients.
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 7d
# Fail-open: if the milter at inet:localhost:8891 is unreachable or returns an
# error, Postfix proceeds as if no milter were configured. Whatever check that
# milter performs is silently skipped during an outage; use "tempfail" if the
# check must not be bypassed.
milter_default_action = accept
milter_protocol = 2
minimal_backoff_time = 300s
mydestination = list.ecompass.nl
myhostname = mail.ecompass.nl
# With mynetworks_style = host and no explicit mynetworks in this output,
# permit_mynetworks (used first in the restriction lists below) trusts only
# the local machine.
mynetworks_style = host
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_delimiter = *
relay_domains =
smtp_helo_timeout = 60s
# NOTE(review): a client-side TLS session cache is set, but neither
# smtp_tls_security_level nor smtp_use_tls appears in this output, so outbound
# TLS looks to be at its default (off) - confirm whether that is intended.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client-access
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
# The trailing "permit" is redundant: a restriction list that reaches its end
# without a decision permits anyway.
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_recipient_limit = 16
# Relay control: reject_unauth_destination comes directly after the two
# permit_* entries and before every access map, the policy service and
# permit_dnswl_client, so a later OK/permit result cannot open a relay path.
# permit_sasl_authenticated is listed, but smtpd_sasl_auth_enable does not
# appear in this output, so SASL appears to be off on this listener and the
# entry has no effect unless master.cf enables it - verify.
# Order of the list checks: client-whitelist and permit_dnswl_client are
# evaluated before the three reject_rbl_client lookups, so a client they
# permit skips those lookups; everything earlier in the list still applies
# to it.
# NOTE(review): in this paste the lines starting "reject_unauth_destination"
# and "reject_rbl_client dnsbl.sorbs.net" begin at column 0. In main.cf a
# continuation line must start with whitespace; this is most likely mail
# wrapping of the paste, but check the real file.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unknown_sender_domain, check_policy_service inet:127.0.0.1:10023,
    check_recipient_access hash:/etc/postfix/recipient-access,
    check_sender_access hash:/etc/postfix/sender-access, check_client_access
    cidr:/etc/postfix/client-whitelist, permit_dnswl_client
    list.dnswl.org=127.0.[0..255].[1..3], reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
# warn_if_reject makes reject_non_fqdn_sender log-only in this list; the same
# restriction is enforced in smtpd_recipient_restrictions above, so this list
# currently rejects nothing.
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject
    reject_non_fqdn_sender, permit
smtpd_soft_error_limit = 3
# By their names these are the distribution's self-signed "snakeoil"
# certificate and key. STARTTLS still encrypts the session, but a client that
# verifies the server certificate cannot validate it; replace with a
# certificate issued for the server's hostname.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# Opportunistic TLS: STARTTLS is announced but not required. On Postfix 2.3
# and later the preferred spelling is smtpd_tls_security_level = may.
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000

