Petre Bandac wrote:
> smtpd_recipient_restrictions =
this is at least controversial:
- for inbound mail, why would you want it to fail if your DNS has problems
- for outbound mail, why would you reject instead of queue then bounce.
otherwise, transient dns problems get back to your users, most of which
won't understand what that means (besides, you already seen how errors
are reported by MUAs....).
> check_client_access hash:/etc/postfix/spammers-accepted,
This is useless in the default config (delay reject set to yes).
> reject_rbl_client ix.dnsbl.manitu.net reject_rbl_client
cbl is included in xbl. you can save a lookup if you so desire.
> reject_rbl_client sbl-xbl.spamhaus.org
> reject_rbl_client list.dsbl.org reject_rbl_client
> relays.ordb.org reject_rbl_client opm.blitzed.org
opm is dead, and when it was alive, it was included in xbl.
> reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client
sbl is included in sbl-xbl. They are also served by the same
organization, so there is really no point in doing a double query.
> reject_rhsbl_sender dsn.rfc-ignorant.org
remove permit_mx_backup,reject. This is useless. you already have
> more /etc/postfix/spammers-accepted
> 18.104.22.168 OK
> don't forget to postmap the hash file and reload postfix
with IPs, better use cidr.