
4. Smtpd restriction

Smtpd etrn restriction

The "Smtpd etrn restriction" option restricts which clients are allowed to issue the ETRN command. The present Postfix ETRN differs from other ETRN implementations in that it flushes mail for all destinations. This will change in the future.

The default is to allow ETRN from any host. The following restrictions are available:

- reject the request if the client hostname is unknown.
- permit if the client address matches "Networks".
- check_client_access maptype:mapname
- maptype:mapname: look up client name, parent domains, client address, or networks obtained by stripping octets. Reject if result is REJECT or "[45]xx text". Permit otherwise.
- reject if the client is listed under "Maps rbl domains".
- reject the request. Place this at the end of a restriction.
- permit the request. Place this at the end of a restriction.

This option sets the "smtpd_etrn_restrictions" Postfix variable.

Smtpd sender restriction

The "Smtpd sender restriction" option specifies optional restrictions on sender addresses that SMTP clients can send in MAIL FROM commands.

The default is to permit any sender address. The following restrictions are available:

- permit if the client address matches "Networks".
- reject the request if the client hostname is unknown.
- reject if the client is listed under $maps_rbl_domains.
- reject HELO hostname with bad syntax.
- reject HELO hostname without DNS A or MX record.
- reject sender domain without A or MX record.
- check_sender_access maptype:mapname
- maptype:mapname: look up sender address, parent domain, or localpart@. Reject if result is REJECT or "[45]xx text". Permit otherwise.
- check_client_access maptype:mapname: see smtpd_client_restrictions.
- check_helo_access maptype:mapname: see smtpd_helo_restrictions.
- reject HELO hostname that is not in FQDN form.
- reject sender address that is not in FQDN form.
- reject the request. Place this at the end of a restriction.
- permit the request. Place this at the end of a restriction.

Restrictions are applied in the order specified; the first restriction that matches wins. This option sets the "smtpd_sender_restrictions" Postfix variable.

Smtpd client restriction

The "Smtpd client restriction" option specifies optional restrictions on SMTP client host names and addresses.

The default is to allow connections from any host. The following restrictions are available:

- reject the request if the client hostname is unknown.
- permit if the client address matches "Networks".
- check_client_access maptype:mapname
- maptype:mapname: look up client name, parent domains, client address, or networks obtained by stripping octets. Reject if result is REJECT or "[45]xx text". Permit otherwise.
- reject if the client is listed under $maps_rbl_domains.
- reject the request. Place this at the end of a restriction.
- permit the request. Place this at the end of a restriction.

Restrictions are applied in the order specified; the first restriction that matches wins. This option sets the "smtpd_client_restrictions" Postfix variable.
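
A small model of the client check described above, covering the access-map lookup order and first-match-wins evaluation. It is an added example, not Postfix code: the map entries, the 10.0.0. trusted prefix and all function names are constructed, it handles IPv4 only, and it assumes a client with no map entry falls through to the next restriction.

```python
import re

# Constructed sample access map (documentation names and addresses).
ACCESS_MAP = {
    "example.net": "REJECT",
    "mail.example.net": "OK",
    "192.0.2": "554 Access denied",
    "192.0.2.25": "OK",
}

def lookup_keys(client_name, client_addr):
    """Lookup order: client name, parent domains, client address,
    then networks obtained by stripping octets (IPv4 only)."""
    keys = []
    if client_name:
        labels = client_name.lower().split(".")
        keys += [".".join(labels[i:]) for i in range(len(labels))]
    octets = client_addr.split(".")
    keys += [".".join(octets[:n]) for n in range(4, 0, -1)]
    return keys

def check_client_access(client_name, client_addr, table=ACCESS_MAP):
    """Return (verdict, matched key), or None when no key is listed."""
    for key in lookup_keys(client_name, client_addr):
        result = table.get(key)
        if result is None:
            continue
        # REJECT or "[45]xx text" rejects; any other result permits.
        if result == "REJECT" or re.match(r"[45]\d\d(\s|$)", result):
            return ("reject", key)
        return ("permit", key)
    return None  # assumption: not listed means no match, try the next one

def permit_networks(client_name, client_addr, prefix="10.0.0."):
    # Hypothetical trusted network standing in for "Networks".
    return ("permit", client_addr) if client_addr.startswith(prefix) else None

def reject_unknown_hostname(client_name, client_addr):
    # client_name is None when the hostname could not be determined.
    return ("reject", None) if client_name is None else None

# Constructed restriction list, in the order it is applied.
RESTRICTIONS = [permit_networks, check_client_access, reject_unknown_hostname]

def evaluate(client_name, client_addr, restrictions=RESTRICTIONS):
    """Apply restrictions in order; the first one that matches wins."""
    for check in restrictions:
        verdict = check(client_name, client_addr)
        if verdict is not None:
            return (check.__name__,) + verdict
    return ("default", "permit", None)  # default: allow any host
```

Because the most specific key is tried first, the 192.0.2.25 entry exempts one host from the reject on the 192.0.2 network, and because the trusted-network check is listed first, a client on 10.0.0. is permitted even when its domain has a REJECT entry.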

Smtpd helo restriction

The smtpd_helo_restrictions parameter specifies optional restrictions on what SMTP clients can send in SMTP HELO and EHLO commands.

The default is to permit everything. The following restrictions are available:

- permit if the client address matches $mynetworks.
- reject the request if the client hostname is unknown.
- reject if the client is listed under "Maps rbl domains".
- reject HELO hostname with bad syntax.
- reject HELO hostname without DNS A or MX record.
- reject HELO hostname that is not in FQDN form.
- check_helo_access maptype:mapname
- look up HELO hostname or parent domains. Reject if result is REJECT or "[45]xx text". Permit otherwise.
- check_client_access maptype:mapname: see "Smtpd client restrictions".
- reject the request. Place this at the end of a restriction.
- permit the request. Place this at the end of a restriction.

Restrictions are applied in the order specified; the first restriction that matches wins. This option sets the "smtpd_helo_restrictions" Postfix variable.

Smtpd recipient restriction

The "Smtpd recipient restriction" option specifies restrictions on recipient addresses that SMTP clients can send in RCPT TO commands.

By default, Postfix relays mail

- from trusted clients whose IP address matches "Networks",
- from trusted clients matching "Relay domains" or subdomains thereof,
- from untrusted clients to destinations that match "Relay domains" or subdomains thereof, except addresses with sender-specified routing.

The default relay_domains value is "Destination".

In addition to the above, the Postfix SMTP server by default accepts mail that Postfix is final destination for:

- destinations that match "Network Interface",
- destinations that match "Destination",
- destinations that match "Virtual maps".

These destinations do not need to be listed in "Relay domains".

The following restrictions are available (* is part of default setting):

- *permit if the client address matches $mynetworks.
- reject the request if the client hostname is unknown.
- reject if the client is listed under $maps_rbl_domains.
- reject HELO hostname with bad syntax.
- reject HELO hostname without DNS A or MX record.
- reject sender domain without A or MX record.
- *check_relay_domains: permit only mail
  - to destinations matching "Network Interface", "Destination", or "Virtual maps",
  - from trusted clients matching "Relay domains" or subdomain thereof,
  - from untrusted clients to destinations matching "Relay domains" or subdomain thereof (except addresses with sender-specified routing).
  Reject anything else.
- permit auth destination: permit mail
  - to destinations matching "Network Interface", "Destination" or "Virtual Maps",
  - to destinations matching "Relay Domains" or subdomain thereof, except for addresses with sender-specified routing.
- reject mail unless it is sent
  - to destinations matching "Network Interface", "Destination" or $virtual_maps,
  - to destinations matching $relay_domains or subdomain thereof, except for addresses with sender-specified routing.
- reject mail from improperly pipelining spamware.
- accept mail for sites that list me as MX host.
- reject domains without A or MX record.
- check_recipient_access maptype:mapname
- maptype:mapname: look up recipient address, parent domain, or localpart@. Reject if result is REJECT or "[45]xx text". Permit otherwise.
- check_client_access maptype:mapname: see "Smtpd client restrictions".
- check_helo_access maptype:mapname: see "Smtpd helo restrictions".
- check_sender_access maptype:mapname: see "Smtpd sender restrictions".
- reject HELO hostname that is not in FQDN form.
- reject sender address that is not in FQDN form.
- reject recipient address that is not in FQDN form.
- reject the request. Place this at the end of a restriction.
- permit the request. Place this at the end of a restriction.

Restrictions are applied in the order specified; the first restriction that matches wins. This option sets the "smtpd_recipient_restrictions" Postfix variable.

NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL:

