Re: Verify Outgoing From Address

From: Reindl Harald <h.reindl_at_nospam>
Date: Tue Mar 15 2011 - 19:43:46 GMT
To: postfix-users@postfix.org

Am 15.03.2011 20:34, schrieb Victor Duchovni:
> On Tue, Mar 15, 2011 at 08:27:44PM +0100, Reindl Harald wrote:
>
>>> The above does not do an exact job of setting policy for internal senders,
>>> since some internal senders send mail to internal recipients. It is far
>>> better to run to separate services each with simpler policies that apply
>>> just to the service at hand.
>>
>> i tried it some minutes ago on the live-machine and it works beautiful
>
> Clearly you tried something other than I was primarily trying to
> recommend...

my test was before your answer, did not thought you are so devil fast :-)

>> smtpd_helo_restrictions = permit_mynetworks, reject_authenticated_sender_login_mismatch, reject_non_fqdn_recipient,
>> reject_non_fqdn_sender, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
>> reject_unknown_helo_hostname
>>
>> smtpd_sender_restrictions = reject_unlisted_sender, permit_mynetworks, reject_authenticated_sender_login_mismatch,
>> reject_non_fqdn_recipient, reject_non_fqdn_sender, permit_sasl_authenticated, reject_unknown_sender_domain,
>> reject_unknown_recipient_domain
>>
>> smtpd_recipient_restrictions = reject_unlisted_sender, permit_mynetworks,
>> reject_authenticated_sender_login_mismatch, reject_non_fqdn_recipient, reject_non_fqdn_sender,
>> permit_sasl_authenticated, reject_unauth_destination, reject_unknown_sender_domain,
>> reject_unknown_recipient_domain, reject_invalid_hostname, reject_unauth_pipelining, reject_rbl_client
>> dnsbl-1.uceprotect.net, check_policy_service unix:/var/spool/postfix/postgrey/socket, check_recipient_access
>> mysql:/etc/postfix/mysql-spamfilter.cf
>
> These look much too complex. No need to keep checking the same things
> over and over again, provided you set "smtpd_helo_required = yes", the
> helo checks cannot be bypassed, so far example, you needlessly perform
> the sender login mismatch check 3 times...

"smtpd_helo_required = yes" -> true
if i understand this correct

"smtpd_sender_restrictions" can be totally removed
and "smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
reject_unknown_helo_hostname" would be enough combined with "smtpd_helo_required"?

regards from austria

This message: [ Message body ]
Next message: Márcio Luciano Donada: "Queue"
Previous message: Victor Duchovni: "Re: Verify Outgoing From Address"
In reply to: Victor Duchovni: "Re: Verify Outgoing From Address"
Next in thread: Benny Pedersen: "Re: Verify Outgoing From Address"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]