From: (no name) (no email)
Date: Thu Feb 26 2004 - 19:52:15 EST
On Thu, 26 Feb 2004, Joe Hrbek wrote:
> > You should be fine so long as your recipient restrictions include
> > "reject_unauth_destination" early enough.
> >
> > Typically the first line of "...more stuff..." is
> > "reject_unauth_destination".
>
> Here is my complete recipient restriction config:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_recipient,
> check_client_access mysql:/etc/postfix/mysql-domainlist.cf,
> reject_unknown_recipient_domain,
> reject_unauth_destination
>
> So you suggest moving reject_unauth_destination so that it's right after
> permit_sasl_authenticated?
>
You seem to list some trusted clients (by domain name) via
mysql-domainlist.cf. While this is a fragile mechanism (temp DNS errosrs
lead to 5XX reject codes) that is not recommended (you are supposed to
permit clients by IP or authenticate them), if you are OK with using this,
you should leave the restrictions largely unchanged.
-- Viktor.
|
|
|