On Mon, Jul 01, 2002 at 04:38:50PM -0400, Larry Hansford wrote:
> When I added the lines to reject_unkown_* and reject_unauth*, it broke the
> pop-before-smtp capability. Are there any potential problems with moving
> the pop-*-smtp upward in the check order?
>
> smtpd_recipient_restrictions =
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
    
    -> this is where the pop-before-smtp stuff goes <-
       why? because it's sort-of your network!
    
> reject_unauth_destination,
> check_client_access hash:/etc/postfix/pop-before-smtp,
> check_sender_access hash:/etc/postfix/access_list,
> check_recipient_access hash:/etc/postfix/access_list,
> reject_non_fqdn_hostname,
> reject_unknown_client,
> permit
>
>
> Where is the recommended palcement for that line? I don't want to open the
> system up for spammers nor relaying, but need to keep the pop-before-smtp
> capability.

Just move it up one line. "reject_unauth_destination" is the
anti-relay-check.

-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   Ralf.Hildebrandtcharite.de
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
Most people use Windows. Is this a reason to run Windows?
Flies love shit. A million flies can't be wrong, can they?
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]