From: Bill Landry (no email)
Date: Mon Apr 01 2002 - 11:52:08 EST
:
>If you list check_sender_access under smtpd_recipient_restrictions,
>an OK or RELAY result in that access table means OK for the recipient.
>
>If you don't want that to happen, then don't list check_sender_access
>under smtpd_recipient_restrictions.
>
>List it under smtpd_sender_restrictions instead.
Wietse, it looked like you were responding to me, and I was a bit confused
by your response, so I wanted to clarify for my own understanding. Maybe I
misunderstood, but in practice it also seems to mean OK for the sender. I
thought that the UCE control were cumulative as they went from client, helo,
sender, to recipient restrictions. This is from "My Understanding Of How
UCE Actually Works", by Meng Wong:
==========
All lists can run the following generic restrictions:
permit (default when postfix runs off the end of a list)
reject
reject_unauth_pipelining
smtpd_client_restrictions can include all of the above, plus:
check_client_access maptype:mapname
permit_mynetworks
reject_unknown_client
reject_maps_rbl
smtpd_helo_restrictions can include all of the above, plus:
check_helo_access maptype:mapname
reject_invalid_hostname
reject_unknown_hostname
permit_naked_ip_address
reject_non_fqdn_hostname
smtpd_sender_restrictions can include all of the above, plus:
check_sender_access maptype:mapname
reject_unknown_sender_domain
reject_non_fqdn_sender
smtpd_recipient_restrictions can include all of the above, plus:
check_recipient_access maptype:mapname
permit_auth_destination
permit_mx_backup
reject_non_fqdn_recipient
reject_unauth_destination
reject_unknown_recipient_domain
check_relay_domains
==========
In any case, here is my configuration:
==========
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject_unauth_pipelining,
permit_mynetworks,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/recipient-rules,
check_sender_access hash:/etc/postfix/sender-rules,
check_helo_access hash:/etc/postfix/hostname-rules,
reject_invalid_hostname,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_maps_rbl,
permit
==========
When I add a sender's e-mail address in the form:
OK
to my sender-rules file that was previously being block by an RBL check, it
then gets delivered successfully to the receipent because it bypasses my
sender RBL checks. I thought this was why Ralf and others recommended
adding all UCE restrictions under smtpd_recipient_restrictions.
Bill
PS, sorry for the long post to the list...
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|