Re: proper order for smtpd_restrictions with sasl_auth and check_policy lines

From: Adam Young (adamvbfx.com)
Date: Fri Mar 31 2006 - 16:20:06 CST


On Fri, 31 Mar 2006 11:12:25 -0800
"Tavis Gustafson" <tavishq.newdream.net> wrote:

> Running postfix 2.1 on debian and I'm using a Policyd to throttle outbound
> mail. I read in the postfix docs to always put the check_policy_service
> line after the reject_unauth_destination or the machine might become an
> open relay. However, I'm having trouble finding the right order because I
> also have to put the permit_sasl_authenticated line in there.
>
> Here is my current order:
>
> smtpd_recipient_restrictions =
>     reject_unauth_pipelining
>     permit_mynetworks
>     reject_non_fqdn_sender
>     reject_non_fqdn_recipient
>     check_policy_service inet:10.3.19.214:10031
>     permit_sasl_authenticated
>     reject_unauth_destination
>     check_recipient_access mysql:/etc/postfix/mysql-access.cf
>     check_client_access mysql:/etc/postfix/mysql-access.cf
>     permit

Hi Tavis,

What you may want to do is put the check_policy... in smtpd_client_restrictions,
as, more than likely, you'll want to be blocking a client from sending more than,
say, 100 msgs per hour, or however your restrictions are set.

I hope this helps; this is how I have it set up and it seems to work without
issue.

Thanks,

--
    Adam Young <adam_at_vbfx_dot_com>
    http://www.vbfx.com/
    GPG Key - 5B3375F8

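
A small lint for the ordering concern raised in this thread, added here as an example (not code from either poster or from Postfix): it parses a main.cf fragment and reports whether check_policy_service is evaluated before reject_unauth_destination in smtpd_recipient_restrictions. The function names and both sample fragments are constructed for illustration; the first fragment is abridged from the order quoted above.

```python
import re

# Constructed main.cf fragments (not from a real server). The first is abridged
# from the order quoted in the thread; the second moves the policy check after
# reject_unauth_destination, as the Postfix docs cited there advise.
QUOTED_ORDER = """\
smtpd_recipient_restrictions =
    reject_unauth_pipelining
    permit_mynetworks
    check_policy_service inet:10.3.19.214:10031
    permit_sasl_authenticated
    reject_unauth_destination
    permit
"""
REORDERED = """\
# policy check only after relay control
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service inet:10.3.19.214:10031
"""

def restrictions(main_cf, param="smtpd_recipient_restrictions"):
    """Return the restriction names of `param`, in evaluation order."""
    logical = []
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                            # blank lines and comments
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()   # continuation line
        else:
            logical.append(line.strip())
    for entry in logical:
        name, _, value = entry.partition("=")
        if name.strip() == param:
            tokens = re.split(r"[,\s]+", value.strip())
            # drop arguments such as inet:host:port or mysql:/path
            return [t for t in tokens if t and ":" not in t]
    return []

def policy_before_relay_check(main_cf):
    """True if a policy reply could permit mail before relay control runs."""
    names = restrictions(main_cf)
    if "check_policy_service" not in names:
        return False
    if "reject_unauth_destination" not in names:
        return True
    return names.index("check_policy_service") < names.index("reject_unauth_destination")
```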