Loading ...
Sorry, an error occurred while loading the content.

Re: smtpd_restrictions sanity check

Expand Messages
  • mouss
    ... yes. but it is worth investing your time to implement SASL instead. if you use pop before smtp, use a dedicated file and use it before
    Message 1 of 6 , Nov 1, 2009
    • 0 Attachment
      Alex a écrit :
      > Hi,
      >
      >> smtpd_recipient_restrictions =
      >> reject_non_fqdn_sender
      >> reject_non_fqdn_recipient
      >> permit_mynetworks
      >> #permit_sasl_authenticated
      >> reject_unauth_destination
      >> #
      >> reject_invalid_hostname
      >> reject_non_fqdn_hostname
      >> reject_unknown_sender_domain
      >> #
      >> check_client_access hash:/etc/postfix/client_checks
      >> check_recipient_access pcre:/etc/postfix/relay_recips_checks
      >> check_helo_access hash:/etc/postfix/helo_checks
      >> check_sender_access hash:/etc/postfix/sender_checks
      >> check_sender_access hash:/etc/postfix/disallow_my_domain
      >> check_recipient_access pcre:/etc/postfix/recipient_checks
      >> #
      >> reject_rbl_client zen.spamhaus.org
      >
      > How about pop-before-smtp? Would I add the check_client_access
      > immediately after permit_mynetworks above?
      >

      yes. but it is worth investing your time to implement SASL instead.

      if you use pop before smtp, use a dedicated file and use it before
      reject_unauth_destination (so that they can relay).

      > Will this configuration above prevent DSL or cable users without
      > reverse, only forward DNS from being accepted? I keep receiving the
      > following:
      >
      > Nov 1 15:34:42 smtp01 postfix/smtpd[28620]: warning: 67.142.235.122:
      > hostname host6714200122235.direcway.com verification failed: Host not
      > found
      >

      this is only informational.

      > The IP is in the popb4smtp db, but they still receive a relaying denied message:
      >
      > Nov 1 14:32:44 smtp01 postfix/smtpd[23790]: reject: RCPT from
      > unknown[67.142.235.122]: 554 <John@...>: Relay access denied;
      > from=<joe3135@...> to=<John@...>
      >

      make sure the pop4smtp check comes before reject_unauth_destination. if
      this is the case and you still see "Relay access denied", check that
      the IP of the client is in the map at the time of the check. and of
      course, the map should return OK for the IP.
    Your message has been successfully submitted and would be delivered to recipients shortly.