From: Magnus Bäck (no email)
Date: Sat Oct 01 2005 - 15:11:29 EDT
On Saturday, October 01, 2005 at 20:34 CEST,
Warrick FitzGerald <> wrote:
> Thanks for the help on this guys, but it does not seem to be working for
> some reason. This is what my smtpd_client_restrictions now looks like :
>
> smtpd_client_restrictions = permit_mynetworks, permit_auth_destination,
> permit_sasl_authenticated, check_recipient_access
> hash:/etc/postfix/access, reject
>
> [root at livemail1 postfix]# postmap -q domaina.com access
> REJECT
>
> I tested this by telneting directly to the machine from an untrusted
> network and then injecting a mail for domaina.com
If domaina.com is one of your domains, permit_auth_destination will
return OK and make sure that none of the following restrictions are
evaluated. Also, in this particular case the check_recipient_access
restriction makes no difference since messages to domaina.com will be
rejected anyway by the final reject restriction.
And why put this under smtpd_client_restrictions? With the default
value of smtpd_delay_reject (yes) it will work, but surely it will
make more sense listing the check_recipient_access under
smtpd_recipient_restrictions.
smtpd_recipient_restrictions =
...
permit_sasl_authenticated,
...
reject_unauth_destination,
...
check_recipient_access hash:/path/to/file
...
/path/to/file:
example.com REJECT
-- Magnus Bäck
|
|
|