Re: Accept email only from local for specific addresses

From: Claude Needham (gxxaxxgmail.com)
Date: Sat Jul 29 2006 - 11:01:58 CDT


On 7/29/06, Sandy Drobic <postfix-usersjapantest.homelinux.com> wrote:
> > smtpd_recipient_restrictions =
> > permit_sasl_authenticated,
> > permit_mynetworks,
> > reject_unauth_destination,
> > reject_rbl_client relays.ordb.org,
> > reject_rbl_client list.dsbl.org,
> > reject_rbl_client sbl-xbl.spamhaus.org,
> > check_recipient_access hash:/etc/postfix/internal_only
>
> Why would you check three external dns blacklists when you know that the
> recipient address will be rejected? In this case it makes sense to put it
> right behind reject_unauth_destination. Though, if your server is not
> terribly busy, it won't make a noticeable difference.
>
> Sandy

My first impulse was to put the check_recipient_access right after
reject_unauth_destination as you suggest. But then I noticed several
sample main.cf files on the web had it this way.

The ratio of blacklisted email to check_recipient_access rejected
emails is probably 1000:1. So I would have blacklisted emails passing
through the check_recipient_access if I put the
check_recipient_access under the reject_unauth_destination.

Logically it makes more sense to put:

   reject_unauth_destination,
   check_recipient_access hash:/etc/postfix/internal_only
   reject_rbl_client relays.ordb.org,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,

But I have no clue how much overhead the check_recipient_access is.
And since all of the blacklisted stuff will be passing through this, I
just don't know.

Claude
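
Added example, not part of the original post and not Postfix code: a simplified model of in-order evaluation of the restrictions discussed above, counting DNS queries and local table lookups for each ordering over the 1000:1 mix the post mentions. The table entry, the addresses, the zone that lists the clients and the absence of DNS caching are assumptions.

```python
from collections import Counter

DNSBLS = ["relays.ordb.org", "list.dsbl.org", "sbl-xbl.spamhaus.org"]
# Constructed stand-in for the contents of /etc/postfix/internal_only.
INTERNAL_ONLY = {"staff-all@example.com"}

RBL_FIRST = DNSBLS + ["check_recipient_access"]    # order in the quoted config
TABLE_FIRST = ["check_recipient_access"] + DNSBLS  # order proposed in the post


def evaluate(order, listed_on, recipient, cost):
    """Walk the rules in order; the first rule that rejects ends evaluation."""
    for rule in order:
        if rule == "check_recipient_access":
            cost["table"] += 1                     # one local hash lookup
            if recipient in INTERNAL_ONLY:
                return "REJECT " + rule
        else:                                      # a reject_rbl_client zone
            cost["dns"] += 1                       # one DNS query per zone
            if rule == listed_on:
                return "REJECT " + rule
    return "DUNNO"                                 # no rule made a decision


def run(order, stream):
    """Return (lookup counts, verdict counts) for a stream of messages."""
    cost, verdicts = Counter(), Counter()
    for listed_on, recipient in stream:
        verdicts[evaluate(order, listed_on, recipient, cost)] += 1
    return cost, verdicts


# Constructed stream: 1000 messages from clients listed on the last zone
# (worst case for DNS), plus one outside message to an internal-only address.
# All clients are external, so permit_mynetworks did not match earlier.
STREAM = [("sbl-xbl.spamhaus.org", "user@example.com")] * 1000 \
       + [(None, "staff-all@example.com")]

if __name__ == "__main__":
    for name, order in (("RBL first", RBL_FIRST), ("table first", TABLE_FIRST)):
        cost, verdicts = run(order, STREAM)
        print(f"{name:12} {dict(cost)} {dict(verdicts)}")
```

Both orderings reject the same 1001 messages; only the lookup counts differ.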