Re: Simplistic (but solid??) smtpd_recipient_restrictions

From: Ralf Hildebrandt (no email)
Date: Wed May 01 2002 - 04:00:25 EDT

• Next message: Tony: "Virtual Format vs Alias Format"
• Previous message: p dont think: "Re: Simplistic (but solid??) smtpd_recipient_restrictions"
• Maybe in reply to: p dont think: "Re: Simplistic (but solid??) smtpd_recipient_restrictions"
• Next in thread: p dont think: "Re: Simplistic (but solid??) smtpd_recipient_restrictions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, May 01, 2002 at 12:55:55AM -0700, p dont think wrote:
> OK, I misunderstood the meaning of "permit_mynetworks" -- reading
> sample-smtpd.cf cleared that up -- it's somewhat misleading, if I
> understand correctly, in that "permit_mynetworks" here is placing
> a limitation on the address of the connecting client and NOT on
> the actual contents of RCPT TO, even though we are listing it in
> "smtpd_recipient_restrictions".

All parameters can be used in smtpd_recipient_restrictions, and their
menaing is always the same, no matter where they are in
smtpd_mumble_restrictions. There was an exception, though.

> On a related note, is it correct to structure the listing as
> follows in order to enable UCE controls EXCEPT for those users
> listed in a client access map (with "OK")? --
>
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> check_recipient_access maptype:mapname (list users in the
> map with "OK" who don't want UCE controlled delivery)
> <--
> insert appropriate UCE controls here, such as
> reject_maps_rbl, reject_invalid_hostname,
> reject_unauth_pipelining, reject_non_fqdn_hostname, reject_non_fqdn_sender
> -->
> reject_unauth_destination
> permit

I'd use:
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

        # make sure no relaying takes place first!
        
        check_recipient_access maptype:mapname (list users in the
               map with "OK" who don't want UCE controlled delivery)
 <--
        insert appropriate UCE controls here, such as
        reject_maps_rbl, reject_invalid_hostname,
        reject_unauth_pipelining, reject_non_fqdn_hostname, reject_non_fqdn_sender
 -->
        permit

-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
Anyone who cannot cope with Mathematics is not fully human -- at best
he is a tolerable subhuman who learned how to tie his shoes and not
make messes in the house.             -- Mr. Easley, calculus teacher 
-
To unsubscribe, send mail to  with content
(not subject): unsubscribe postfix-users

• Next message: Tony: "Virtual Format vs Alias Format"
• Previous message: p dont think: "Re: Simplistic (but solid??) smtpd_recipient_restrictions"
• Maybe in reply to: p dont think: "Re: Simplistic (but solid??) smtpd_recipient_restrictions"
• Next in thread: p dont think: "Re: Simplistic (but solid??) smtpd_recipient_restrictions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]