Restrictions on recipient addresses
smtpd_recipient_restrictions
This parameter specifies restrictions on recipient addresses that SMTP clients can send in RCPT TO commands.
By default, Postfix relays mail:
* from trusted clients whose IP address matches $mynetworks,
* from trusted clients matching $relay_domains or subdomains thereof,
* from untrusted clients to destinations that match $relay_domains or subdomains thereof, except addresses with sender-specified routing.
The default relay_domains value is $mydestination.
In addition to the above, the Postfix SMTP server by default accepts mail that Postfix is final destination for:
* destinations that match $inet_interfaces,
* destinations that match $mydestination,
* destinations that match $virtual_maps.
These destinations do not need to be listed in $relay_domains.
The following restrictions are available (* is part of default setting):
* *permit_mynetworks: permit if the client address matches $mynetworks.
* reject_unknown_client: reject the request if the client hostname is unknown.
* reject_maps_rbl: reject if the client is listed under $maps_rbl_domains.
* reject_invalid_hostname: reject HELO hostname with bad syntax.
* reject_unknown_hostname: reject HELO hostname without DNS A or MX record.
* reject_unknown_sender_domain: reject sender domain without A or MX record.
* *check_relay_domains: permit only mail:
o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps,
o from trusted clients matching $relay_domains or subdomain thereof,
o from untrusted clients to destinations matching $relay_domains or subdomain thereof (except addresses with sender-specified routing).
Reject anything else.
* permit_auth_destination: permit mail:
o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps,
o to destinations matching $relay_domains or subdomain thereof, except for addresses with sender-specified routing.
* reject_unauth_destination: reject mail unless it is sent
o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps,
o to destinations matching $relay_domains or subdomain thereof, except for addresses with sender-specified routing.
* reject_unauth_pipelining: reject mail from improperly pipelining spamware
* permit_mx_backup: accept mail for sites that list me as MX host.
* reject_unknown_recipient_domain: reject domains without A or MX record.
* check_recipient_access maptype:mapname: look up recipient address, parent domain, or localpart@. Reject if result is REJECT or "[45]xx text". Permit otherwise.
* check_client_access maptype:mapname: see smtpd_client_restrictions.
* check_helo_access maptype:mapname: see smtpd_helo_restrictions.
* check_sender_access maptype:mapname: see smtpd_sender_restrictions.
* reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form.
* reject_non_fqdn_sender: reject sender address that is not in FQDN form.
* reject_non_fqdn_recipient: reject recipient address that is not in FQDN form.
* reject: reject the request. Place this at the end of a restriction.
* permit: permit the request. Place this at the end of a restriction.
Restrictions are applied in the order as specified; the first restriction that matches wins.
Specify a list of restrictions, separated by commas and/or whitespace. Continue long lines by starting the next line with whitespace.
NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL:
reject, check_relay_domains, reject_unauth_destination
阅读(659) | 评论(0) | 转发(0) |