From: Alexandre Balistrieri (balisir.inpe.br)
Date: Thu Jun 28 2007 - 12:29:56 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 28 June 2007, mouss wrote:
> Alexandre Balistrieri wrote:
> > On Wednesday 27 June 2007, mouss wrote:
> >> Alexandre Balistrieri wrote:
> >>> It seems that the flow's control is better using OK or DUNNO with
> >>> separate restriction's stages. OK goes to the next stage and DUNNO goes
> >>> to the next line into stage. Let me know if i am in right track.
> >>
> >> It's too late to assess your statement, but I see what you mean. This is
> >> however rarely needed. see below. and in your case, you are repeating
> >> the same checks, so that's useless.
> >
> > It seems that it has a trend in using only smtpd_recipient_restrictions.
> > Then why not to substitute all for smtpd_uce_restrictions?
>
> you're misunderstading me. I said to use smtpd_recipient_restrictions
> only _because_ you were repeating the _same_ checks all over again. It
> is ok to do
Sorry, i did not can to explain my conclusion.
I have seen several smtpd_recipient_restrictions examples with all
restrictions together but no useful example with smtpd_*_restrictions.

I will put it all together again.

>
> smtpd_helo_restrictions =
> reject_invalid_hostname
>
> smtpd_sender_restrictions =
> reject_non_fqdn_sender
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> reject_unauth_destination
>
>
> but in your setup, you are duplicating a dozens of checks (probably to
> whitelist some clients/sender/...). so you had to add permit_sasl_auth
> in many places to allow your outlook to go.
yes.
>
> PS. whitelisting based on sender address is dangerous. These things are
> easily forged.

thank you for your help.

--
[]s
Alexandre Balistrieri

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]