Frage zu smtpd_relay_restrictions und smptd_recipient_restrictions...
Klaus Tachtler
klaus at tachtler.net
Sa Aug 29 07:26:56 CEST 2015
Hallo Liste,
> Hallo Liste,
>
> ich hoffe ich nerve nicht zu sehr mit meinen vielen Fragen...
>
> Kann ich ALLE Einträge, welche ich bereits in
> smtpd_relay_restrictions habe aus smtpd_recipient_restrictions
> entfernen?
>
> DOPPELT WÄREN: permit_sasl_authenticated, permit_mynetworks,
> permit_mx_backup, reject_unauth_destination?
>
>
> smtpd_relay_restrictions =
> # Permit all SASL authenticated users or clients from mynetworks.
> permit_sasl_authenticated,
> permit_mynetworks,
> # Permit Backup-MX server.
> permit_mx_backup,
> # Reject relaying all others, to prevent to be an "open relay server".
> reject_unauth_destination
>
Ich hab das jetzt mal so gemacht:
smtpd_relay_restrictions =
# Permit all clients from mynetworks.
permit_mynetworks,
# Reject relaying all others, to prevent to be an "open relay server".
reject_unauth_destination
>
> smtpd_recipient_restrictions =
> # RFC or important ROLE-Accounts - Whitelisting - like: postmaster, abuse.
> check_recipient_access btree:/etc/postfix/check_recipient_access_rfc,
> # White- and Blacklisting.
> check_client_access cidr:/etc/postfix/check_client_access,
> check_helo_access btree:/etc/postfix/check_helo_access,
> check_sender_access btree:/etc/postfix/check_sender_access,
> check_recipient_access btree:/etc/postfix/check_recipient_access,
> # Reject unclean e-Mail.
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_invalid_helo_hostname,
> # Permit all SASL authenticated users, or clients from mynetworks.
> permit_sasl_authenticated,
> permit_mynetworks,
> # RBL and RHSBL checks.
> reject_rbl_client zen.spamhaus.org=127.0.0.10,
> reject_rbl_client zen.spamhaus.org=127.0.0.11,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client ix.dnsbl.manitu.net,
> reject_rbl_client bl.spamcop.net,
> reject_rhsbl_client multi.uribl.com,
> # Check dynamicaly existing Relay-Recipient.
> reject_unverified_recipient,
> # Permit Backup-MX.
> permit_mx_backup,
> # Reject relaying all others, to prevent to be an "open relay server".
> reject_unauth_destination,
> # Check dynamicaly the Quota-Status of the user against the dovecot
> imap server.
> check_policy_service inet:192.168.0.80:12340
>
>
und das so gemacht:
smtpd_recipient_restrictions =
# RFC or important ROLE-Accounts - Whitelisting - like: postmaster, abuse.
check_recipient_access btree:/etc/postfix/check_recipient_access_rfc,
# White- and Blacklisting.
check_client_access cidr:/etc/postfix/check_client_access,
check_helo_access btree:/etc/postfix/check_helo_access,
check_sender_access btree:/etc/postfix/check_sender_access,
check_recipient_access btree:/etc/postfix/check_recipient_access,
# Reject unclean e-Mail.
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_invalid_helo_hostname,
# RBL and RHSBL checks.
reject_rbl_client zen.spamhaus.org=127.0.0.10,
reject_rbl_client zen.spamhaus.org=127.0.0.11,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client bl.spamcop.net,
reject_rhsbl_client multi.uribl.com,
# Check dynamicaly existing Relay-Recipient.
reject_unverified_recipient,
# Permit Backup-MX.
permit_mx_backup,
# Check dynamicaly the Quota-Status of the user against the dovecot
imap server.
check_policy_service inet:192.168.0.80:12340
Irgendwelche Kommentare, Anregungen oder Verbesserungen dazu?
Danke schon in Voraus...
Grüße
Klaus.
--
------------------------------------------
e-Mail : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------
Mehr Informationen über die Mailingliste Postfixbuch-users