Hello all,

I am currently (slowly) working my way through 'The Book of Postfix' and trying to fix problems I didn't know needed fixing. It is a very interesting and highly informative book (so far). Regarding check_recipient_access hash:/etc/postfix/roleaccount_exceptions in chapter 8, pages 92/93: I have created the database using the FQDN for each domain, as when using the wildcard you could send an email to ab...@anywhereelse.tld.
While highly unlikely to be abused, I decided to lock it down anyway.
e.g.
ab...@domain1.tld     OK
webmas...@domain2.tld  OK
etc.....

To comply with RFC 2142 and always accept mail destined for abuse or postmaster, the role account exceptions would have to be at the top of smtpd_recipient_restrictions, but should I bother to comply with mail servers that don't conform to RFC 2142 themselves? If I were to move the exception line to below unauth_destination, it would seem a bit pointless having the line there at all, as the message would have already passed most of the tests.

smtpd_recipient_restrictions =
  #check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
  reject_non_fqdn_recipient,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unknown_client_hostname,
  reject_invalid_helo_hostname,
  reject_unauth_pipelining,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  #check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
  reject_non_fqdn_hostname,
  reject_invalid_hostname,
  #check_helo_access hash:/etc/postfix/helo_checks,
  reject_unverified_sender,
  check_policy_service unix:private/policy-spf

If anyone has any thoughts on this, they will be gladly received.


Many thanks,

Mick.
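
A simplified model of the first-match evaluation the question turns on, added here as an illustration and not taken from the post or the book: it compares a wildcard role map with per-domain keys, placed above or below reject_unauth_destination. The domain set, scenario dictionaries and helper names are constructed, and only three restrictions and two access(5) key forms are modelled.

```python
# Added illustration: simplified model of Postfix first-match restriction evaluation.
LOCAL_DOMAINS = {"domain1.tld", "domain2.tld"}  # constructed: domains this server accepts mail for

WILDCARD_MAP = {"abuse@": "OK", "postmaster@": "OK"}  # localpart-only keys
FQDN_MAP = {f"{role}@{dom}": "OK"                     # one key per role and domain
            for role in ("abuse", "postmaster") for dom in LOCAL_DOMAINS}

def access_lookup(table, rcpt):
    """Try user@domain, then user@ (other access(5) key forms are left out)."""
    local, _, domain = rcpt.lower().rpartition("@")
    for key in (f"{local}@{domain}", f"{local}@"):
        if key in table:
            return table[key]
    return None  # DUNNO: no opinion, continue with the next restriction

def build(table, exceptions_first):
    """Return the restriction list with the exception map above or below the relay check."""
    exc = ("check_recipient_access", lambda c: access_lookup(table, c["rcpt"]))
    relay = [
        ("permit_mynetworks", lambda c: "OK" if c["trusted"] else None),
        ("reject_unauth_destination",
         lambda c: None if c["rcpt"].rpartition("@")[2].lower() in LOCAL_DOMAINS else "REJECT"),
    ]
    tail = [("reject_unverified_sender", lambda c: None if c["sender_ok"] else "REJECT")]
    return [exc] + relay + tail if exceptions_first else relay + [exc] + tail

def evaluate(restrictions, ctx):
    """The first restriction that returns OK or REJECT decides; later ones never run."""
    for name, check in restrictions:
        verdict = check(ctx)
        if verdict is not None:
            return verdict, name
    return "OK", "end of list"  # nothing objected, so the recipient is accepted

# Constructed scenarios: an untrusted client whose sender address fails verification.
OUTSIDE = {"rcpt": "abuse@anywhereelse.tld", "trusted": False, "sender_ok": False}
ROLE = {"rcpt": "abuse@domain1.tld", "trusted": False, "sender_ok": False}
USER = {"rcpt": "user@domain1.tld", "trusted": False, "sender_ok": False}

if __name__ == "__main__":
    for label, table in (("wildcard", WILDCARD_MAP), ("fqdn", FQDN_MAP)):
        for first in (True, False):
            for ctx in (OUTSIDE, ROLE, USER):
                print(label, "map first" if first else "map after relay check",
                      ctx["rcpt"], evaluate(build(table, first), ctx))
```

In the full list from the post, the restrictions sitting above the lower position would already have run before the map is consulted, so an OK there only skips what follows it.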
