From LedHed's Wiki
Jump to: navigation, search
 
(3 intermediate revisions by the same user not shown)
Line 14: Line 14:
 
       reject_unlisted_recipient
 
       reject_unlisted_recipient
 
       check_client_access pcre:/etc/postfix/spam-filter.cf
 
       check_client_access pcre:/etc/postfix/spam-filter.cf
<br>
 
  
''NOTES:''<br>
+
<br>
 +
'''NOTES:'''
 
<br>
 
<br>
 
'''[http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient reject_unlisted_recipient]''' ''The best thing since sliced bread!''<br>
 
'''[http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient reject_unlisted_recipient]''' ''The best thing since sliced bread!''<br>
It will reject mail where the recipient domain is listed in Virtual_Mailbox_Domains but the recipient is not listed in Virtual_Mailbox_Maps. You would think this goes without saying, but this isn't the default behavior. When in doubt add this line!
+
It will reject mail where the recipient domain is listed in Virtual_Mailbox_Domains but the recipient is not listed in Virtual_Mailbox_Maps. You would think this goes without saying, but this isn't the default behavior. When in doubt add this line!<br>
 
+
  
In the example '''[http://www.postfix.org/postconf.5.html#check_client_access check_client_access]''' calls the file spam-filter.cf
+
'''[http://www.postfix.org/postconf.5.html#check_client_access check_client_access]''' ''calls the file spam-filter.cf''<br>
This is an example of what I call message routing (Not sure if this is really whats its called :) ). Basically any message that hasn't been accepted or rejected by the precious checks is then handled by check_client_access. This PCRE file contains
+
This is an example of what I call message routing (Not sure if this is really whats its called :) ). Basically any message that hasn't been accepted or rejected by the previous checks is then handled by check_client_access. The PCRE file (spam-filter.cf) contains:
  
 
  /./ FILTER lmtp:unix:/spamfilter.sock
 
  /./ FILTER lmtp:unix:/spamfilter.sock
Line 29: Line 28:
 
/./ is a wildcard that will catch every message and in this case send it to spamfilter.sock
 
/./ is a wildcard that will catch every message and in this case send it to spamfilter.sock
  
The result is that messages that are NOT sent from "mynetworks", are NOT "sasl_authenticated", have a "authorized destination", and have a "listed recipient" are then '''routed''' to the spam filter.
+
The result is that messages that are NOT sent from within "mynetworks", are NOT "sasl_authenticated", have a "authorized destination", and have a "listed recipient" are then '''routed''' to the spam filter.
  
  

Latest revision as of 21:25, 16 August 2006

These restrictions are useful for accepting, rejecting and even routing messages.

Reference: smtpd_recipient_restrictions in the postfix documentation

Example:

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination
      reject_unlisted_recipient
      check_client_access pcre:/etc/postfix/spam-filter.cf


NOTES:
reject_unlisted_recipient The best thing since sliced bread!
It will reject mail where the recipient domain is listed in Virtual_Mailbox_Domains but the recipient is not listed in Virtual_Mailbox_Maps. You would think this goes without saying, but this isn't the default behavior. When in doubt add this line!

check_client_access calls the file spam-filter.cf
This is an example of what I call message routing (Not sure if this is really whats its called :) ). Basically any message that hasn't been accepted or rejected by the previous checks is then handled by check_client_access. The PCRE file (spam-filter.cf) contains:

/./ FILTER lmtp:unix:/spamfilter.sock

/./ is a wildcard that will catch every message and in this case send it to spamfilter.sock

The result is that messages that are NOT sent from within "mynetworks", are NOT "sasl_authenticated", have a "authorized destination", and have a "listed recipient" are then routed to the spam filter.