On Tue, Nov 26, 2002 at 07:39:09AM -0800, Curtis wrote: | Here's how part of my main.cf file currently reads. I restarted this time, | instead of reloading, which IS what I usually did. Note, no more carolyn.ld@ | or whatever it was are no longer going through. | Curtis | | | #smtpd_recipient_restrictions = permit_sasl_authenticated ^
You have NO restriction whatsoever on the recipient of a message. If
you permit any and every recipient, that's called "relaying" (when the
recipien isn't in your own domain). An "open relay" is one which
doesn't restrict the mail passing through it.
| smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks,
| reject_unknown_client, reject_non_fqdn_recipient, check_relay_domains
This doesn't really matter a whole lot - a "client" is merely the host
connecting to you. Change this option to 'permit', otherwise you'll
preempt some of your roaming users from sending mail if the ISP they
happen to be connected through doesn't have Reverse DNS set up.
| smtpd_delay_reject = yes
|
| #local_recipient_maps = unix:passwd.byname
^
Uncomment this as well so that you'll reject non-existant recipients
in your domain.
| relay_domains = $mydestination, $virtual_domains
No. You don't want to relay to any domain. Change that to
relay_domains =
Set the $mydomain parameter to your domain name(s). Then postfix will
consider those domains to be its responsibility and will deliver
(locally) for those addresses. Relaying is when you accept and
pass on mail that is not destined for your own domain. You don't want
to do that at all.
Read http://www.metaconsultancy.com/whitepapers/smtp.htm to get a
better understanding of how postfix works and what the various options
are. Follow the example for smtpd_recipient_restrictions.
I haven't used postfix as a mail server, but I started to put together
a configuration to test it. Here's what I think is appropriate :
----
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. See the file
# sample-smtpd.cf for an elaborate list of anti-UCE controls.
smtpd_client_restrictions =
permit
smtpd_helo_restrictions =
reject_invalid_hostname ,
reject_non_fqdn_hostname ,
reject_unknown_hostname ,
permit
smtpd_sender_restrictions =
reject_non_fqdn_sender ,
reject_unkown_sender_domain ,
permit
smtpd_recipient_restrictions =
reject_unknown_recipient_domain ,
reject_non_fqdn_recipient ,
reject_unauth_destination ,
permit_auth_destination ,
permit_sasl_authenticated ,
permit_mynetworks ,
reject
----
HTH,
-D
--
You can't assign IP address 127.0.0.1 to the loopback adapter,
because it is a reserved address for loopback devices
(Microsoft Windows XP - P R O F E S S I O N A L)
http://dman.ddts.net/~dman/
msg15446/pgp00000.pgp
Description: PGP signature
