From: Warrick FitzGerald (no email)
Date: Sat Oct 01 2005 - 15:31:18 EDT
Magnus Bäck wrote:
>On Saturday, October 01, 2005 at 20:34 CEST,
> Warrick FitzGerald <> wrote:
>
>
>
>>Thanks for the help on this guys, but it does not seem to be working for
>>some reason. This is what my smtpd_client_restrictions now looks like :
>>
>>smtpd_client_restrictions = permit_mynetworks, permit_auth_destination,
>>permit_sasl_authenticated, check_recipient_access
>>hash:/etc/postfix/access, reject
>>
>>[root at livemail1 postfix]# postmap -q domaina.com access
>>REJECT
>>
>>I tested this by telneting directly to the machine from an untrusted
>>network and then injecting a mail for domaina.com
>>
>>
>
>If domaina.com is one of your domains, permit_auth_destination will
>return OK and make sure that none of the following restrictions are
>evaluated. Also, in this particular case the check_recipient_access
>restriction makes no difference since messages to domaina.com will be
>rejected anyway by the final reject restriction.
>
>And why put this under smtpd_client_restrictions? With the default
>value of smtpd_delay_reject (yes) it will work, but surely it will
>make more sense listing the check_recipient_access under
>smtpd_recipient_restrictions.
>
>smtpd_recipient_restrictions =
> ...
> permit_sasl_authenticated,
> ...
> reject_unauth_destination,
> ...
> check_recipient_access hash:/path/to/file
> ...
>
>/path/to/file:
>example.com REJECT
>
>
>
You're a legend mate, thanks - so logiocal now that you've explained it.
Works like a charm now.
|
|
|