_restrictions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

_restrictions

Helmut Schneider
Hi,

I'm cleaning up my postfix configs and am wondering if I can improve /
should change my _restrictions on postfix 3.3 / 3.5:

local postfix instance:

smtpd_client_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
smtpd_helo_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
smtpd_sender_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
smtpd_recipient_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_destination
smtpd_data_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_pipelining

relaying instance inbound:

smtpd_client_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     warn_if_reject check_client_access hash:/etc/postfix-in/client_access
     warn_if_reject reject_unknown_client_hostname
     warn_if_reject reject_unknown_reverse_client_hostname
     warn_if_reject reject_rbl_client ix.dnsbl.manitu.net
     warn_if_reject reject_rbl_client zen.spamhaus.org
smtpd_helo_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     warn_if_reject check_helo_access hash:/etc/postfix-in/helo_access
     warn_if_reject reject_non_fqdn_helo_hostname
     warn_if_reject reject_invalid_helo_hostname
     warn_if_reject reject_unknown_helo_hostname
smtpd_sender_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     warn_if_reject check_sender_access hash:/etc/postfix-in/sender_access
     warn_if_reject reject_non_fqdn_sender
     warn_if_reject reject_unknown_sender_domain
smtpd_recipient_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unlisted_recipient
     reject_unauth_destination
smtpd_data_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_pipelining
smtpd_relay_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_destination

relaying instance outbound:

smtpd_client_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     check_client_access cidr:/etc/postfix-out/client_access
     warn_if_reject reject_unknown_client_hostname
     warn_if_reject reject_unknown_reverse_client_hostname
smtpd_helo_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     check_helo_access hash:/etc/postfix-out/helo_access
     reject_non_fqdn_helo_hostname
     reject_invalid_helo_hostname
     warn_if_reject reject_unknown_helo_hostname
smtpd_sender_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
smtpd_recipient_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     check_client_access cidr:/etc/postfix-out/client_access
     reject_unauth_destination
smtpd_data_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_pipelining
smtpd_relay_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     check_client_access cidr:/etc/postfix-out/client_access
     reject_unauth_destination

Anything missing / redundant / unneccessary?

Thank you!