Hi,
> > relay_transport = $default_transport
> > relay_domains = mycompany.com, $mydestination
>
> Fine, but I don't see a "relay_recipient_maps" for recipient validation,
> which is quite important to avoid backscatter.
I think I'm achieving this with check_recipient_access in
smtpd_recipient_restrictions?
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
reject_rhsbl_sender uri.mykey.invaluement.com,
check_sender_access ${indexed}check_backscatterer,
check_helo_access pcre:$config_directory/helo_checks.pcre,
check_helo_access ${indexed}helo_checks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
check_policy_service unix:private/policy-spf,
check_policy_service inet:127.0.0.1:2501,
check_recipient_access pcre:$config_directory/relay_recips_access,
check_recipient_access pcre:$config_directory/recipient_checks,
permit
I also have the check_sender_access above:
/etc/postfix-117/check_backscatterer:
<> reject_rbl_client ips.backscatterer.org
postmaster reject_rbl_client ips.backscatterer.org
/etc/postfix-117/relay_recips_access:
/^alex@mycompany\.com$/ DUNNO
/^.*@mycompany\.com$/ REJECT
