First page Back Continue Last page Overview Graphics
Default restrictions III
smtpd_sender_restrictions
- none for FJFI domain and sasl authenticated
- reject_unknown_sender_domain (450)
- reject_non_fqdn_sender (504)
- apply this rule also for FJFI domain?
- mailgw append its name (mailgwX.fjfi.cvut.cz)
- illegal FROM address
- check_sender_mx_access (554)
- reject mail with incorrect MX records (private net, ...)
- check_sender_access (554)
- reject mail /(admin|info|support|...)@.*fjfi.cvut.cz/
- dangerous – not used
- reject_unverified_sender (use for selected domains?)
- used only for @fjfi sender from IP outside CTU FNSPE range
Notes:
smtpd_sender_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unknown_sender_domain
check_sender_mx_access cidr:/etc/postfix/mx_access
reject_non_fqdn_sender
check_sender_access pcre:/etc/postfix/sender_access
# reject_unverified_sender (ADDRESS_VERIFICATION_README - not always safe)
# reject_rhsbl_sender dsn.rfc-ignorant.org
# reject_rhsbl_client blackhole.securitysage.com
# reject_rhsbl_sender blackhole.securitysage.com
/etc/postfix/sender_access
# reject mail From: system/admin accounts
# local sending is permitted because of permit_mynetworks
/admin@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/administrator@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/postmaster@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/mailer-daemon@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/hostmaster@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/info@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/mail@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/register@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/service@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/staff@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/support@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
/webmaster@.*fjfi.cvut.cz/ REJECT You are not allowed to send mail with this address outside fjfi.cvut.cz domain
# Do address verification for local senders
# (don't queue mail that's recipient is invalid on final mailserver)
/.*fjfi.cvut.cz/ reject_unverified_sender