|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Disable RBL for SMTP submission?
From: Jorey Bump (list
joreybump.com)
Date: Mon Sep 25 2006 - 11:07:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Timothy Brown wrote:
> Okay, I'll play around with it a little. This is the way mine is set in
> the main.cf:
>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
>
> smtpd_client_restrictions = permit_mynetworks reject_rbl_client
> relays.ordb.org reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client
> bl.spamcop.net reject_rbl_client dnsbl.sorbs.net permit
>
> That seems backwards from yours. This is the default way Apple puts it
> in with Mac OS X Server. Should I swap that?
Well, it depends. Since smtpd_client_restrictions is checked before
smtpd_recipient_restrictions, your users don't have a chance to proceed.
You can either move your RBL checks to the end of
smtpd_recipient_restrictions, or insert permit_sasl_authenticated before
them in smtpd_client_restrictions:
smtpd_client_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_rbl_client...
This will allow them to move on to the next phase,
smtpd_recipient_restrictions, where they must also be permitted to
proceed. I find it easier to manage everything in
smtpd_recipient_restrictions, but this is not always the optimum or
recommended approach. The point is to permit your authenticated users
before they will encounter anything that will reject them against your
wishes (I don't allow them to send to unknown domains, for example, so I
put this after reject_unknown_recipient_domain).
As your configuration becomes more complex, you must take care not to
become an open relay, so you'll need to study the documentation a bit.
Post the output of postconf -n if you have any questions about this.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]