SteveJ's Postfix SMTPD Restrictions

Postfix SMTPD Restrictions

# SMTPD Restrictions v2015-06-02
# NOTE: Overiding restrictions are in master.cf for submission and other services

smtpd_helo_required = yes
disable_vrfy_command = yes

smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        permit_dnswl_client list.dnswl.org=127.0.[2..14].[2..3],
        reject_invalid_helo_hostname,
        warn_if_reject reject_unknown_helo_hostname,
        warn_if_reject reject_non_fqdn_helo_hostname,
        reject_unknown_reverse_client_hostname,
        check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
        check_helo_access hash:/etc/postfix/helo_access,
        check_sender_access hash:/etc/postfix/sender_access,
        reject_rbl_client zen.spamhaus.org=127.0.0.[2..255],
        reject_rhsbl_client dbl.spamhaus.org=127.0.1.[2..99],
        reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
        reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],
        permit

smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination

smtpd_data_restrictions = reject_unauth_pipelining