Prev: before-queue milter concerns
Next: load balancing among mail servers
From: "Jon L Miller" on 16 Feb 2010 23:15
Is it standard practice to have the filter: permit_my _networks at the top
of a listing? Also having the filter permit at the bottom what is the reason
and the difference between the two filters.



Jon

From: Stefan Foerster on 17 Feb 2010 02:29
* Jon L Miller <jlmiller(a)mmtnetworks.com.au>:
> Is it standard practice to have the filter: permit_my _networks at the top
> of a listing? Also having the filter permit at the bottom what is the reason
> and the difference between the two filters.

If, by "filters" you are referring to "smtpd_mumble_restrictions", or,
more specifically, "smtpd_recipient_restrictions", then the answer is
"yes and no".

The default smtpd_recipient_restrictions setting is
"permit_mynetworks, reject_unauth_destination". However, a lot of
people commonly modify those setting. Amongst the list of restrictions
that I have most often witnessed to be placed before
"permit_mynetworks" are:

reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unlisted_sender
reject_unlisted_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain

(Those are e.g. referenced in books by Peer Heinlein, Patrick Ben
Koetter and Ralf Hildebrandt and also taught in various Postfix
related trainings at e.g. the German "Linuxhotel").

Their purpose is to prevent a mail server from accepting mail when the
server - at the time the message is received - knows that it cannot
currently deliver this mail, or that it cannot possibly deliver a
NDR.


Stefan

 | 
Pages: 1
Prev: before-queue milter concerns
Next: load balancing among mail servers