I'm currently implementing a list of restrictions matching the one suggested by the book "The Book of Postfix" by Ralf Hildebrandt and Patrick Koetter. It currently looks like this:
    smtpd_recipient_restrictions =
        reject_non_fqdn_recipient
        reject_non_fqdn_sender
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        permit_mynetworks
        reject_unauth_destination
        reject_multi_recipient_bounce
        check_recipient_access hash:/etc/postfix/roleaccount_exceptions
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        permit
If I understood correctly, the standards require that we always accept mail for the abuse and postmaster accounts, including mail from the empty sender.
To comply with this, the file /etc/postfix/roleaccount_exceptions contains the following map:
    postmaster@ OK
    abuse@      OK
This is a basic restriction list without verification or blocklists, but there are many things I just can't make sense of:
- reject_non_fqdn_recipient comes before check_recipient_access; therefore, if we send mail to postmaster or abuse, it gets rejected there before reaching check_recipient_access (or it does for abuse but not for postmaster, strangely...).
- Any invalid hostname I've tried (like do/main.invalid) gets rejected at reject_non_fqdn_hostname instead of reject_invalid_hostname. Does the second one ever trigger? What's an invalid, yet FQDN, hostname?
- I never trigger reject_unknown_recipient_domain: asking for RCPT TO: user@domain.invalid gives me "Relay access denied" instead of "Domain not found", which seems to come from reject_unauth_destination, which is below it.
- Wouldn't the empty sender, <>, get rejected at reject_non_fqdn_sender and thus break standards compliance?
The book is from 2005, so a lot of things may have changed (for example, it used reject_non_fqdn_hostname and reject_invalid_hostname instead of reject_non_fqdn_helo_hostname and reject_invalid_helo_hostname). So is this some sort of incompatibility I'm bumping into?
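The following is an added example, not part of the question above and not Postfix's own code. It is a small Python model of how an smtpd restriction list is walked: restrictions run in order, and the first one that answers REJECT or OK ends the evaluation, while DUNNO (None here) moves on to the next entry. It approximates Postfix's documented definitions of reject_invalid_helo_hostname (malformed HELO name) and reject_non_fqdn_helo_hostname (not in fully-qualified or address-literal form) with a hostname syntax check plus an "at least one dot" test, and it implements check_recipient_access against an in-memory copy of the roleaccount_exceptions map. DNS-based restrictions, permit_mynetworks, reject_unauth_destination and any special treatment of postmaster are deliberately not modelled, so the model cannot reproduce the postmaster-versus-abuse difference reported above. The HELO names do/main.invalid and localhost and the abuse@/postmaster@ map entries come from the question; every other input, the access-map lookup order for a bare local part, the IPv6: literal handling, and the restriction lists named BOOK_ORDER and REORDERED are constructed for this example.

```python
"""Toy model of Postfix smtpd restriction-list evaluation (added example,
not Postfix code). It models only the first-match rule, a syntax check
approximating valid_hostname(), the FQDN test (valid syntax and a dot, or a
bracketed address literal) and a check_recipient_access map lookup."""
import ipaddress
import re

# One DNS label: alphanumerics and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def valid_hostname(name):
    """Approximation of valid_hostname(): non-empty, at most 255 chars,
    dot-separated labels of at most 63 chars each matching LABEL, so a '/'
    or an empty label makes the name malformed."""
    if not name or len(name) > 255:
        return False
    return all(len(label) <= 63 and LABEL.match(label) for label in name.split("."))


def valid_address_literal(name):
    """'[192.0.2.10]' or '[IPv6:2001:db8::1]'; the IPv6: tag handling is a
    model assumption."""
    if not (name.startswith("[") and name.endswith("]")):
        return False
    inner = name[1:-1]
    if inner[:5].lower() == "ipv6:":
        inner = inner[5:]
    try:
        ipaddress.ip_address(inner)
        return True
    except ValueError:
        return False


def split_address(addr):
    """Return (localpart, domain); domain is '' when there is no '@'."""
    local, sep, domain = addr.rpartition("@")
    return (local, domain) if sep else (addr, "")


# Each restriction takes (ctx, maps) and returns None (DUNNO) or
# (action, message). ctx carries 'helo' and 'rcpt'; maps holds access tables.

def reject_invalid_helo_hostname(ctx, maps):
    helo = ctx["helo"]
    ok = valid_address_literal(helo) if helo.startswith("[") else valid_hostname(helo)
    return None if ok else ("REJECT", "Helo command rejected: Invalid name")


def reject_non_fqdn_helo_hostname(ctx, maps):
    helo = ctx["helo"]
    if helo.startswith("["):
        ok = valid_address_literal(helo)
    else:
        ok = valid_hostname(helo) and "." in helo  # a malformed name fails here too
    return None if ok else ("REJECT", "Helo command rejected: need fully-qualified hostname")


def reject_non_fqdn_recipient(ctx, maps):
    _, domain = split_address(ctx["rcpt"])
    if valid_hostname(domain) and "." in domain:
        return None
    return ("REJECT", "Recipient address rejected: need fully-qualified address")


def check_recipient_access(ctx, maps):
    local, domain = split_address(ctx["rcpt"])
    # access(5) order for user@domain: full address, domain, then user@.
    # For a bare local part only 'user@' is tried (model assumption).
    keys = [ctx["rcpt"], domain, local + "@"] if domain else [local + "@"]
    table = maps["roleaccount_exceptions"]
    for key in keys:
        if key in table:
            return (table[key], "check_recipient_access matched %r" % key)
    return None


def permit(ctx, maps):
    return ("OK", "permit")


def evaluate(restrictions, ctx, maps):
    """Walk the list in order; return (restriction name, action, message)."""
    for restriction in restrictions:
        result = restriction(ctx, maps)
        if result is not None:
            return (restriction.__name__,) + result
    return ("end-of-list", "DUNNO", "no restriction matched")


# In-memory copy of the roleaccount_exceptions map from the question.
MAPS = {"roleaccount_exceptions": {"postmaster@": "OK", "abuse@": "OK"}}

# The question's order, reduced to the restrictions this model implements.
BOOK_ORDER = [reject_non_fqdn_recipient, check_recipient_access,
              reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit]

# Constructed alternative: each shadowed check moved before the one hiding it.
REORDERED = [check_recipient_access, reject_non_fqdn_recipient,
             reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit]


def which_fires(order, helo, rcpt):
    """Name of the restriction that ends evaluation for this HELO/RCPT pair."""
    return evaluate(order, {"helo": helo, "rcpt": rcpt}, MAPS)[0]


if __name__ == "__main__":
    for label, order in (("book order", BOOK_ORDER), ("reordered", REORDERED)):
        for helo, rcpt in (("do/main.invalid", "user@example.org"),
                           ("localhost", "user@example.org"),
                           ("mail.example.org", "abuse"),
                           ("[192.0.2.10]", "abuse@example.org")):
            print(label, helo, rcpt, "->", evaluate(order, {"helo": helo, "rcpt": rcpt}, MAPS))
```

Running the script prints, for both orders, which restriction stops each constructed session. In the model, a syntactically malformed HELO name such as do/main.invalid fails the FQDN test as well as the syntax test, so whichever of the two HELO restrictions is listed first is the one that rejects it; only a syntactically valid single-label name such as localhost distinguishes them. Likewise a bare RCPT TO of abuse is stopped by reject_non_fqdn_recipient when that precedes check_recipient_access, and matches the abuse@ entry when the order is swapped.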