Hi,
I have a basic SMTP server set up with what I believe to be good smtpd_*_
restrictions, but I was wondering if anyone could provide any insight on how to
improve them or if I have been redundant in the restrictions. Even with
reading the man pages, I find some of the restrictions tricky.
I am eventually having a submission service (with an -o
smtpd_relay_restrictions=permit_sasl_authenticated in master.cf), for this
server but right now what follows is just for a SMTP server on port 25.
smtpd_client_restrictions = permit_mynetworks,
reject_unauth_pipelining,
check_client_access hash:/etc/postfix/client_acl,
reject_unknown_client_hostname,
permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_unauth_pipelining,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
check_helo_access hash:/etc/postfix/helo_acl,
reject_unknown_helo_hostname,
permit
smtpd_sender_restrictions = permit_mynetworks,
reject_unauth_pipelining,
reject_non_fqdn_sender,
check_sender_access hash:/etc/postfix/sender_acl,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_auth_destination,
reject
smtpd_relay_restrictions = permit_mynetworks,
permit_auth_destination,
reject
Thanks,
- J
