83 lines
6.1 KiB
HTML
83 lines
6.1 KiB
HTML
<header>Restrictions on recipient addresses</header>
|
||
<center><tt translate="no">smtpd_recipient_restrictions</tt></center>
|
||
<hr>
|
||
This parameter specifies restrictions on recipient addresses that SMTP clients
|
||
can send in RCPT TO commands.
|
||
<p>
|
||
<include relay_rules>
|
||
These destinations do not need to be listed in
|
||
<a href=opt_relay_domains><tt translate="no">$relay_domains</tt></a>.
|
||
<p>
|
||
The following restrictions are available (* is part of default setting):
|
||
<ul>
|
||
<li> <tt translate="no">*permit_mynetworks:</tt> permit if the client address matches
|
||
<a href=opt_mynetworks><tt translate="no">$mynetworks</tt></a>.
|
||
<li> <tt translate="no">reject_unknown_client:</tt> reject the request if the client hostname is unknown.
|
||
<li> <tt translate="no">reject_maps_rbl:</tt> reject if the client is listed under
|
||
<a href=opt_maps_rbl_domains><tt translate="no">$maps_rbl_domains</tt></a>.
|
||
<li> <tt translate="no">reject_invalid_hostname:</tt> reject HELO hostname with bad syntax.
|
||
<li> <tt translate="no">reject_unknown_hostname:</tt> reject HELO hostname without DNS A or MX record.
|
||
<li> <tt translate="no">reject_unknown_sender_domain:</tt> reject sender domain without A or MX record.
|
||
<li> <tt translate="no">*check_relay_domains:</tt> permit only mail:
|
||
<ul>
|
||
<li> to destinations matching
|
||
<a href=opt_inet_interfaces><tt translate="no">$inet_interfaces</tt></a>,
|
||
<a href=opt_mydestination><tt translate="no">$mydestination</tt></a>,
|
||
or <a href=opt_virtual_maps><tt translate="no">$virtual_maps</tt></a>,
|
||
<li> from trusted clients matching
|
||
<a href=opt_relay_domains><tt translate="no">$relay_domains</tt></a> or subdomain
|
||
thereof,
|
||
<li> from untrusted clients to destinations matching
|
||
<a href=opt_relay_domains><tt translate="no">$relay_domains</tt></a> or
|
||
subdomain thereof (except addresses with sender-specified routing).
|
||
</ul>
|
||
Reject anything else.
|
||
<li> <tt translate="no">permit_auth_destination:</tt> permit mail:
|
||
<ul>
|
||
<li> to destinations matching
|
||
<a href=opt_inet_interfaces><tt translate="no">$inet_interfaces</tt></a>,
|
||
<a href=opt_mydestination><tt translate="no">$mydestination</tt></a>,
|
||
or <a href=opt_virtual_maps><tt translate="no">$virtual_maps</tt></a>,
|
||
<li> to destinations matching
|
||
<a href=opt_relay_domains><tt translate="no">$relay_domains</tt></a> or subdomain
|
||
thereof, except for addresses with sender-specified routing.
|
||
</ul>
|
||
<li> <tt translate="no">reject_unauth_destination:</tt> reject mail unless it is sent
|
||
<ul>
|
||
<li> to destinations matching
|
||
<a href=opt_inet_interfaces><tt translate="no">$inet_interfaces</tt></a>,
|
||
<a href=opt_mydestination><tt translate="no">$mydestination</tt></a>,
|
||
or <a href=opt_virtual_maps><tt translate="no">$virtual_maps</tt></a>,
|
||
<li> to destinations matching
|
||
<a href=opt_relay_domains><tt translate="no">$relay_domains</tt></a> or subdomain
|
||
thereof, except for addresses with sender-specified routing.
|
||
</ul>
|
||
<li> <tt translate="no">reject_unauth_pipelining:</tt> reject mail from improperly pipelining spamware
|
||
<li> <tt translate="no">permit_mx_backup:</tt> accept mail for sites that list me as MX host.
|
||
<li> <tt translate="no">reject_unknown_recipient_domain:</tt> reject domains without A or MX record.
|
||
<li> <tt translate="no">check_recipient_access maptype:mapname:</tt> look up recipient address, parent domain, or localpart@.
|
||
Reject if result is REJECT or "[45]xx text".
|
||
Permit otherwise.
|
||
<li> <tt translate="no">check_client_access maptype:mapname:</tt> see
|
||
<a href=opt_smtpd_client_restrictions>smtpd_client_restrictions</a>.
|
||
<li> <tt translate="no">check_helo_access maptype:mapname:</tt> see
|
||
<a href=opt_smtpd_helo_restrictions>smtpd_helo_restrictions</a>.
|
||
<li> <tt translate="no">check_sender_access maptype:mapname:</tt> see
|
||
<a href=opt_smtpd_sender_restrictions>smtpd_sender_restrictions</a>.
|
||
<li> <tt translate="no">reject_non_fqdn_hostname:</tt> reject HELO hostname that is not in FQDN form.
|
||
<li> <tt translate="no">reject_non_fqdn_sender:</tt> reject sender address that is not in FQDN form.
|
||
<li> <tt translate="no">reject_non_fqdn_recipient:</tt> reject recipient address that is not in FQDN form.
|
||
<li> <tt translate="no">reject:</tt> reject the request. Place this at the end of a restriction.
|
||
<li> <tt translate="no">permit:</tt> permit the request. Place this at the end of a restriction.
|
||
</ul>
|
||
Restrictions are applied in the order as specified; the first
|
||
restriction that matches wins.
|
||
<p>
|
||
Specify a list of restrictions, separated by commas and/or whitespace.
|
||
Continue long lines by starting the next line with whitespace.
|
||
<p>
|
||
NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS
|
||
OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL:
|
||
<br>
|
||
<tt translate="no">reject, check_relay_domains, reject_unauth_destination</tt>
|
||
<hr> |