Poliman - Serwis:
> Thank you, I will check it. Yesterday night I did:
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok},
> reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
> check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
> check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf

As in my original reply:

You MUST have the check_client_access inline:{91.218.208.22=ok} AFTER
the reject_unauth_destination, otherwise they can relay mail through
your server to arbitrary destinations.

        Wietse

> and it worked like I want. Of course, thanks to your advice.
> 
> 2018-06-13 12:01 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>:
> 
> > On 12.06.18 09:10, Poliman - Serwis wrote:
> >
> >> Thank you for answer. I have in main.cf:
> >> smtpd_recipient_restrictions = permit_mynetworks,
> >> permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
> >> zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
> >> check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
> >>
> >> so, if I understood well, I have to modify above like below:
> >> smtpd_recipient_restrictions = permit_mynetworks,
> >> permit_sasl_authenticated, check_client_access inline:{91.218.208.22=ok},
> >> reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
> >> check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
> >> check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
> >>
> >> am I right?
> >>
> >
> > yes, this should do what you want.
> > I'll just repeat:
> >
> > - I'd use hash instead of inline
> >
> > - I'd move reject_rbl_client zen.spamhaus.org at the end, and newly
> > added check_client_access just in front of it,
> > so rules in /etc/postfix/mysql-virtual_recipient.cf and
> > /etc/postfix/mysql-virtual_policy_greylist.cf will be evaluated before
> > zen.spamhaus.org is used, and they will be
> > evaluated even for client 91.218.208.22, which may be desired.
> >
> > - you may want to evaluate those mysql rules even for sasl authenticated
> > clients and clients from $mynetworks
> > --
> > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> > Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
> >
> 
> 
> 
> -- 
> 
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
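
Added example, not part of the thread: a simplified Python model of Postfix's first-match evaluation of smtpd_recipient_restrictions, comparing the order Poliman posted with the order Wietse asks for. The local domain `example.org`, the client `203.0.113.9` and the recipient addresses are constructed, and the two mysql check_recipient_access lookups are assumed to return no decision and are left out.

```python
# Simplified model: restrictions are tried in order, the first one that
# returns a decision wins, and an undecided list ends in an implicit permit.
LOCAL_DOMAINS = {"example.org"}      # constructed: domains this server accepts mail for
WHITELISTED = {"91.218.208.22"}      # inline:{91.218.208.22=ok} from the thread

# Order from Poliman's message: whitelist BEFORE reject_unauth_destination.
AS_POSTED = ["permit_mynetworks", "permit_sasl_authenticated",
             "check_client_access", "reject_unauth_destination",
             "reject_rbl_client"]

# Order Wietse requires: whitelist AFTER reject_unauth_destination.
AS_ADVISED = ["permit_mynetworks", "permit_sasl_authenticated",
              "reject_unauth_destination", "check_client_access",
              "reject_rbl_client"]

def evaluate(restrictions, client_ip, rcpt,
             in_mynetworks=False, sasl=False, rbl_listed=False):
    """Return (action, deciding_restriction) for one RCPT TO."""
    rcpt_domain = rcpt.rsplit("@", 1)[1].lower()
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks:
            return "PERMIT", r
        if r == "permit_sasl_authenticated" and sasl:
            return "PERMIT", r
        if r == "check_client_access" and client_ip in WHITELISTED:
            return "PERMIT", r       # "ok" ends evaluation of this list
        if r == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "REJECT", r       # not a destination we handle: no relaying
        if r == "reject_rbl_client" and rbl_listed:
            return "REJECT", r
    return "PERMIT", "end of list"

if __name__ == "__main__":
    cases = [("91.218.208.22", "someone@elsewhere.test", True),
             ("91.218.208.22", "user@example.org", True),
             ("203.0.113.9", "user@example.org", True)]
    for name, order in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        for ip, rcpt, listed in cases:
            print(name, ip, rcpt, evaluate(order, ip, rcpt, rbl_listed=listed))
```

With the advised order the whitelisted client still skips the zen.spamhaus.org check for local recipients, but mail to a non-local recipient is rejected before the whitelist is consulted.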
