On Wed, 03 Dec 2014 14:11:44 +0100 "li...@rhsoft.net" <li...@rhsoft.net> wrote:
> > Am 03.12.2014 um 13:40 schrieb mancyb...@gmail.com: > > On Wed, 03 Dec 2014 13:18:45 +0100 > > "li...@rhsoft.net" <li...@rhsoft.net> wrote: > >> put the exchange host in "mynetworks" and just add "permit_mynetworks" > >> *before* "reject_authenticated_sender_login_mismatch" > > > > Hi, my whole 'smtpd_recipient_restrictions' is: > > > > smtpd_recipient_restrictions = > > permit_mynetworks, > > check_policy_service inet:127.0.0.1:10031, > > check_sender_access hash:/etc/postfix/sender_access, > > check_recipient_access > > hash:/etc/postfix/check_recipient_access_skip_blacklists, > > reject_authenticated_sender_login_mismatch, > > reject_unauthenticated_sender_login_mismatch, > > permit_sasl_authenticated, > > reject_non_fqdn_hostname, > > reject_non_fqdn_sender, > > reject_non_fqdn_recipient, > > reject_unauth_destination, > > reject_unauth_pipelining, > > reject_invalid_hostname, > > check_client_access hash:/etc/postfix/rbl_override > > reject_rbl_client zen.spamhaus.org, > > reject_rbl_client cbl.abuseat.org, > > reject_rbl_client bl.spamcop.net, > > > > this is a server with many domains and users (and filters, also custom > > antispam filters). > > > > Wouldn't your suggested modification disable all the rest of the processing > > logic ? > > I mean .. would reject_rbl_client zen.spamhaus.org still be considered ? > > If that's the case, wouldn't be easy to spoof the domain and abuse the > > server? > > if the sending host is controlled by you it makes no sense to do RBL > checks for one of your own machines and so it should be safe add the > host to "mynetworks" Hi, the Exchange server is not controlled by me, nor are the clients. I agree that skipping RBLs checks is ok but what about the other rules, will they be skipped ? I need policyd to track sending, together with amavis and spamd. Thanks.
