Re: changing order of access restrictions

From: Robert Schmid <rschmid-postfix_at_nospam>
Date: Thu Jul 14 2011 - 22:05:56 GMT
To: postfix users <postfix-users@postfix.org>

OK, that was unexpected. I clearly don't understand the distinction between client, sender and recipient restrictions. Why are they separate?

On Jul 14, 2011, at 4:39 PM, Noel Jones wrote:

> On 7/14/2011 4:32 PM, Robert Schmid wrote:
>> My apologies if this has been asked and answered. I set my postfix server up several years ago and haven't looked at it since. Now I am a bit confused about it.
>>
>> I host several domains and I have a decent level of restrictions aimed primarily at UCE. I have one domain that wants no blocked email, though. They would rather get the spam. How can I configure postfix to check the recipient domain first and allow all those mails through and THEN do all the normal checks in the regular order which I understand to be client, helo, sender, recipient, data, or end-of-data. So what I want is a check that goes
>>
>> recipient for one permissive domain
>> client
>> helo
>> sender
>> recipient AGAIN for the other domains
>> data
>> end-of data
>>
>> Is this just a matter of multiple lines for recipient restrictions in the appropriate order in the file so that;
>>
>> smtpd_client_restrictions = permit_mynetworks reject_rbl_client bl.spamcop.net reject_rbl_client sbl.spamhaus.org reject_rbl_client xbl.spamhaus.org permit
>>
>> smtpd_Sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_hostname,
>>
>> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
>>
>> smtpd_data_restrictions = reject_unauth_pipelining, permit
>>
>>
>
> Put all your restrictions under smtpd_recipient_restrictions,
> whitelisting the spamlover before other restrictions.
>
> smtpd_client_restrictions =
> smtpd_sender_restrictions =
> (both above set empty, which is the default. or just remove
> them from main.cf)
>
>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> check_recipient_access hash:/etc/postfix/recipient_whitelist
> reject_unknown_sender_domain
> reject_non_fqdn_hostname
> reject_rbl-whatever foo
> check_policy_service whatever:
>
>
>
> -- Noel Jones

This message: [ Message body ]
Next message: Noel Jones: "Re: changing order of access restrictions"
Previous message: Noel Jones: "Re: changing order of access restrictions"
In reply to: Noel Jones: "Re: changing order of access restrictions"
Next in thread: Noel Jones: "Re: changing order of access restrictions"
Reply: Noel Jones: "Re: changing order of access restrictions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]