On Tue, 25 Jul 2006, Philip Hazel wrote:
> On Mon, 24 Jul 2006, Marc Haber wrote:
>
> > I think that the same can be accomplished with the following ACL:
I suggest moving the anti-relaying check earlier, since it is very cheap.
> > (1) Accept local SMTP
> > (2) Deny restricted characters in recipient addresses
> > (3) Accept postmaster
> > (4) Verify Sender
> > (5) Accept relay_from_hosts
> > (6) Accept authenticated
require
message = Relaying is not permitted
domains = +local_domains : +relay_to_domains
> > (7) Deny invalid recipients ("deny !verify=recipient")
I have recipient verification after hte anti-spam checks, because it is
expensive for me - we use call-forward verification for addresses at
internal mail servers.
> > (8) DNS Black Lists
> > (9) CSA
accept everything at the end.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
