 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Jan-2008 | Next-Thread | Next-Msg |
| Subject: | Re: restrictions |
| Group: | Postfix-users |
| From: | mouss |
| Date: | 14 Jan 2008 |
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Ralph, I didn't want to write to you directly since I know you get
> busy at times and didn't think the query was a serious issue.
>
> I removed the cbl.abuseat.org and fixed the two other entries as
> recommended.
>
> Combining the two affects the GUI and might cause confusion to the
> average user to see the client restrictions empty so leaving them as
> separate entries is probably best unless you can outline why combining
> would be a better option but I doubt my vendor would rewrite the GUI to
> incorporate the changes.
>
which average user?
DNSBL in client restrictions will be queried every time (even if mail
comes from mynetworks, even if it is a relay attempt, ...). By moving
them down enough the chain, you reduce the load on the DNSBL servers.
you can use
smtpd_client_restrictions =
check_client_access $local_black_list_map
(replace $local_bloack_list_map by the correct value)
and tell users this enables checking a local BL.
PS. the permit* in your client restrictions are useless, because the
default in client restrictions is permit.
> Also, the client restrictions can't be left out or entirely blank
> because the GUI inserts the minimum "permit_mynetworks, permit".
the GUI is stupid. This is a sign that the designer/developper is either
lazy or doesn't know his subject. A consequence is that there may be
bugs inside.
| Prev-Msg | Prev-Thread | Postfix-users | Jan-2008 | Next-Thread | Next-Msg |