- Petre Bandac wrote:
> [snip]this is at least controversial:
> smtpd_recipient_restrictions =
- for inbound mail, why would you want it to fail if your DNS has problems
- for outbound mail, why would you reject instead of queue then bounce.
otherwise, transient dns problems get back to your users, most of which
won't understand what that means (besides, you already seen how errors
are reported by MUAs....).
> permit_sasl_authenticated,This is useless in the default config (delay reject set to yes).
> check_client_access hash:/etc/postfix/spammers-accepted,
> reject_invalid_hostname,cbl is included in xbl. you can save a lookup if you so desire.
> reject_rbl_client ix.dnsbl.manitu.net reject_rbl_client
> reject_rbl_client sbl-xbl.spamhaus.orgopm is dead, and when it was alive, it was included in xbl.
> reject_rbl_client list.dsbl.org reject_rbl_client
> relays.ordb.org reject_rbl_client opm.blitzed.org
> reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_clientsbl is included in sbl-xbl. They are also served by the same
organization, so there is really no point in doing a double query.
> reject_rhsbl_sender dsn.rfc-ignorant.orgremove permit_mx_backup,reject. This is useless. you already have
> ##with IPs, better use cidr.
> more /etc/postfix/spammers-accepted
> 184.108.40.206 OK
> don't forget to postmap the hash file and reload postfix