Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 23rd February 2009, 00:58
Angelito Angelito is offline
Junior Member
Join Date: Jan 2008
Location: Los Angeles,CA (US)
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default smtpd_sender_restrictions vs smtpd_recipient_restrictions vs smtpd_client_restriction

I want to reject mail from spam sources aimed to my domains (local delivery) specified in:
virtual_mailbox_domains = example2.com, example3.net
All mail with a destination to example2.com and example3.net is delivered locally.

If any of the users in example2.com and/or example3.net want to use Postfix to relay mail (eg: to hotmail or yahoo mail)will have to authenticate first (SASL), if authentication is successful they are granted permission to relay mail.

Now, as I said first I want to reject mail aimed to example2.com and/or example3.net from spam sources.(I know there could be other methods, but this thread is about smtpd_sender_restrictions vs smtpd_recipient_restrictions vs smtpd_client_restriction).

I seen some settings that indicate setting smtpd_recipient_restrictions to block spam sources (http://www.howtoforge.com/block_spam..._level_postfix):
smtpd_recipient_restrictions =
            reject_rbl_client multi.uribl.com,
            reject_rbl_client dsn.rfc-ignorant.org,
            reject_rbl_client dul.dnsbl.sorbs.net,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client sbl-xbl.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client dnsbl.sorbs.net,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client ix.dnsbl.manitu.net,
            reject_rbl_client combined.rbl.msrbl.net,
            reject_rbl_client rabl.nuclearelephant.com,
But for my goal, shouldn't I use smtpd_sender_restrictions(http://www.postfix.org/postconf.5.ht...r_restrictions) or smtpd_client_restriction(http://www.postfix.org/postconf.5.ht...t_restrictions)?

smtpd_sender_restrictions, as stated in Postfix website, filters mails based on the MAIL FROM command; This command is easy faked by telneting an open relay and typing in this command, therefore mail cound be sent with a valid MAIL FROM address, for this reason smtpd_sender_restrictions does not seem to be my solution.

The only option left in my hypothesis is to use smtpd_client_restrictions, which for my understanding checks the hostname or IP address of the smtpd client (the other MTA/SMTP connecting to my local smtpd(Postfix) ) in a black list, if listed mail is denied.

Am I correct here ?

Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 18:04.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.