smtpd_recipient_restrictions values

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

smtpd_recipient_restrictions values

yannick chrysostome

Hi,

I've seen in my friend's main.cf, and often on the web something like that:

"smtpd_recipient_restrictions=permit_sasl_authenticated"

But when I look to the postfix configuration parameters (at "http://www.postfix.org/postconf.5.html") it seems to me that
permit_sasl_authenticated is only for the smtpd_client_restrictions parameter.

Moreover I don't get the deal with smtpd_recipient_restrictions=permit_sasl_authenticated :).

can someone explain me what I've missed.

Best Regards.

Yannick






Discutez gratuitement avec vos amis en vidéo ! Téléchargez Messenger, c'est gratuit !
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_recipient_restrictions values

Brian Evans - Postfix List
yannick chrysostome wrote:

> Hi,
>  
> I've seen in my friend's main.cf, and often on the web something like that:
>
> "smtpd_recipient_restrictions=permit_sasl_authenticated"
>
> But when I look to the postfix configuration parameters (at "http://www.postfix.org/postconf.5.html") it seems to me that
> permit_sasl_authenticated is only for the **smtpd_client_restrictions parameter.
>
> Moreover I don't get the deal with  smtpd_recipient_restrictions=permit_sasl_authenticated :).
>
> can someone explain me what I've missed.
>
> Best Regards.
>  
> Yannick
>
>  
It seems you missed

http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions:
...
Other restrictions that are valid in this context:

    * Generic restrictions that can be used in any SMTP command context, described under smtpd_client_restrictions.
    * SMTP command specific restrictions described under smtpd_client_restrictions, smtpd_helo_restrictions and smtpd_sender_restrictions.




Brian
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_recipient_restrictions values

Dusty-11
What do you mean by this?

Dusty.

On Thu, 26 Jun 2008 16:59:14 -0400, Brian Evans <[hidden email]> wrote:

> yannick chrysostome wrote:
>> Hi,
>>
>> I've seen in my friend's main.cf, and often on the web something like
> that:
>>
>> "smtpd_recipient_restrictions=permit_sasl_authenticated"
>>
>> But when I look to the postfix configuration parameters (at
> "http://www.postfix.org/postconf.5.html") it seems to me that
>> permit_sasl_authenticated is only for the **smtpd_client_restrictions
> parameter.
>>
>> Moreover I don't get the deal with
> smtpd_recipient_restrictions=permit_sasl_authenticated :).
>>
>> can someone explain me what I've missed.
>>
>> Best Regards.
>>
>> Yannick
>>
>>
> It seems you missed
>
> http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions:
> ...
> Other restrictions that are valid in this context:
>
>     * Generic restrictions that can be used in any SMTP command context,
> described under smtpd_client_restrictions.
>     * SMTP command specific restrictions described under
> smtpd_client_restrictions, smtpd_helo_restrictions and
> smtpd_sender_restrictions.
>
>
>
>
> Brian

Reply | Threaded
Open this post in threaded view
|

RE: smtpd_recipient_restrictions values

yannick chrysostome
> Brian Evans wrote:

> > It seems you missed
> >
> > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions:
> > ...
> > Other restrictions that are valid in this context:
> >
> > * Generic restrictions that can be used in any SMTP command context,
> > described under smtpd_client_restrictions.
> > * SMTP command specific restrictions described under
> > smtpd_client_restrictions, smtpd_helo_restrictions and
> > smtpd_sender_restrictions.


I missed ;)
(i'm new with postfix)


> What do you mean by this?
>
> Dusty.

so if I get it right  smtpd_recipient_restrictions=permit_sasl_authenticated  means that the sender has to be authenticated before Postfix delivers the mail to the recipient ?



Best Regards.

 Yannick


Avec Windows Live Messenger restez en contact avec tous vos amis ! Téléchargez Messenger, c'est gratuit !
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_recipient_restrictions values

Victor Duchovni
On Thu, Jun 26, 2008 at 11:48:57PM +0200, yannick chrysostome wrote:

> so if I get it right
> smtpd_recipient_restrictions=permit_sasl_authenticated
> means that the sender has to be authenticated before Postfix delivers
> the mail to the recipient ?

No, it means that authenticated senders are "OK" and not subjected to
*further* recipient restriction processing. As there are no further
resetrictions in your example, everyone is allowed, and you'd have
an open-relay, but Postfix will not allow you to do this.

In practice you'll have additional checks, some permissive, and some
restrictive. They are evaluated in order. At least one has to be
a check that blocks by default after making appopriate exceptions.
The full list of checks that satisfy this requirement is:

    reject - Unconditional hard error
    defer - Unconditional soft error
    defer_if_permit - Soft error if otherwise permitted
    reject_unauth_destination - Reject "relay" attempts
    check_relay_domains - Obsolete relay check with warts (don't use).

To allow relaying with SASL an MX host that is also used by users for
submission (MSA):

        smtpd_recipient_restrictions =
                permit_sasl_authenticated,
                permit_mynetworks,
                reject_unauth_destination,
                #
                # Uncomment RBL check if volume below their limits?
                # reject_rbl_client zen.spamhaus.org
                #
                # Other anti-spam checks on inbound mail
                # ...

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.