smtpd_recipient_restrictions evaluation question

> Hello folks,
>
> I've got some checks setup like that :
>
> smtpd_recipient_restrictions =
>    reject_non_fqdn_sender,
>    reject_unknown_sender_domain,
>    reject_non_fqdn_recipient,
>    reject_unknown_recipient_domain,
>    permit_mynetworks,
>    reject_unauth_destination,
>    reject_invalid_helo_hostname,
>    reject_non_fqdn_helo_hostname,
>    check_helo_access pcre:/etc/postfix/helo_checks.pcre,
>    check_sender_access hash:/etc/postfix/white_senders,
>    check_client_access hash:/etc/postfix/white_clients,
>    check_recipient_access hash:/etc/postfix/white_recipients,
>    reject_rbl_client sbl-xbl.spamhaus.org,

> On Friday 30 October 2009 09:52:44 Simon Morvan wrote:
>    
>> Hello folks,
>>
>> I've got some checks setup like that :
>>
>> smtpd_recipient_restrictions =
>>     reject_non_fqdn_sender,
>>     reject_unknown_sender_domain,
>>     reject_non_fqdn_recipient,
>>     reject_unknown_recipient_domain,
>>     permit_mynetworks,
>>     reject_unauth_destination,
>>     reject_invalid_helo_hostname,
>>     reject_non_fqdn_helo_hostname,
>>     check_helo_access pcre:/etc/postfix/helo_checks.pcre,
>>     check_sender_access hash:/etc/postfix/white_senders,
>>     check_client_access hash:/etc/postfix/white_clients,
>>     check_recipient_access hash:/etc/postfix/white_recipients,
>>     reject_rbl_client sbl-xbl.spamhaus.org,
>>      
> Consider Zen here. It also incorporates the (not-quite-so) new PBL,
> which has been very effective here.
>
>    

>>     reject_rhsbl_sender dsn.rfc-ignorant.org,
>>     check_policy_service inet:10.18.0.100:60000,
>>
>> I notice that event if the recipient address doesn't exists, the
>> check_policy_service (greylist) got evaluated, causing higher load than
>> needed. Isn't reject_unauth_destination there to block inexistent
>> recipients ?
>>      
> If the load of a policy service is a problem for you, you should
> consider increasing your resources, i.e., throw more money at it. :)
> That notwithstanding, I know that's not your real question, which
> appears to be confusion of reject_unauth_destination with
> reject_unlisted_recipient; see:
>
> http://www.postfix.org/postconf.5.html#reject_unlisted_recipient
>    

> Stan Hoeppner put forth on 10/30/2009 2:23 PM:
>
>> I don't have reject_unauth_destination.  I guess which parameter one
>> needs to implement depends on whether one uses local deliver?
>
> Should have proofread that...  I meant I do not have
> reject_unlisted_recipient defined.  However, the docs say it's turned on
> by default, which would explain why my rejections work properly.
>
> http://www.postfix.org/postconf.5.html#reject_unlisted_recipient
>
> smtpd_reject_unlisted_recipient (default: yes)
>
>      Request that the Postfix SMTP server rejects mail for unknown
> recipient addresses, even when no explicit reject_unlisted_recipient
> access restriction is specified. This prevents the Postfix queue from
> filling up with undeliverable MAILER-DAEMON messages.
>
> --
> Stan
>

> On Fri, 30 Oct 2009, Mikael Bak wrote:
>
>> Simon Morvan wrote:
>>> The last time I tried it, Zen included too many legitimate users behind
>>> ADSL lines. The "Policy" behind PBL is a bit too restrictive. Maybe it
>>> changed, I'll give it another try.
>>
>> Can you please tell me why an ADSL user would send legitimate email
>> without using the ISP's SMTP server?
>
> At ths risk of this moving too far away from Postfix, let me just ask if
> you're thinking ADSL means dynamic IP address? There are many legitimate
> mail servers on static IP ADSL lines (including mine) provided by ISPs
> with "servers permitted" policies. Typically these are business-class
> services but not always (my ISP does not distinguish between residential
> and business but their services are not priced for the mass-market
> residential user). Why handle the outgoing mail myself? Better control.
> If there's a problem, it sits on my system where I can see it and deal
> with it, not on my ISP's server where it's invisible to me.
>

> Larry Stone wrote:
>  
>> On Fri, 30 Oct 2009, Mikael Bak wrote:
>>
>>    
>>> Simon Morvan wrote:
>>>      
>>>> The last time I tried it, Zen included too many legitimate users behind
>>>> ADSL lines. The "Policy" behind PBL is a bit too restrictive. Maybe it
>>>> changed, I'll give it another try.
>>>>        
>>> Can you please tell me why an ADSL user would send legitimate email
>>> without using the ISP's SMTP server?
>>>      
>> At ths risk of this moving too far away from Postfix, let me just ask if
>> you're thinking ADSL means dynamic IP address? There are many legitimate
>> mail servers on static IP ADSL lines (including mine) provided by ISPs
>> with "servers permitted" policies. Typically these are business-class
>> services but not always (my ISP does not distinguish between residential
>> and business but their services are not priced for the mass-market
>> residential user). Why handle the outgoing mail myself? Better control.
>> If there's a problem, it sits on my system where I can see it and deal
>> with it, not on my ISP's server where it's invisible to me.
>>
>>    
>
> You are of course right. I ment home ADSL, not static IP business ADSL.
> And yes. We're moving away from postfix :-)
>
> Mikael
>  

> Simon Morvan put forth on 10/31/2009 12:30 PM:
>
>  
>> And why shouldn't be able to use my own mail server behind my private
>> residential ADSL line ?
>>    
>
> You should be able to.  Here's how to implement the outbound mail
> portion to prevent mass rejections:
>
> http://www.hardwarefreak.com/postfix-adsl-relay-config.txt
>
> --
> Stan
>  

> From: Stan Hoeppner <stan@...>
> To: postfix-users@...
> Sent: Sun, November 1, 2009 1:00:30 PM
> Subject: smtpd_recipient_restrictions evaluation question
>
> Simon Morvan put forth on 11/1/2009 4:20 AM:
>
> > That's prevent rejection but also prevent my ability to ensure my
> > freedom to use the network :
> > http://en.wikipedia.org/wiki/Network_neutrality
> >
> > That's will be my last message on-list for this topic but feel free to
> > keep on discuss this off-list :)
>
> Net Neutrality has nothing to do with SMTP receivers.  It has everything
> to do with network carriers and QOS.  You have no inherent right to send
> email to _my_ MX, nor anyone else's.  Your rights end where mine begin.
> If I chose to drop your SMTP connections due to the rDNS name of your
> sending MTA, its status as being listed in the Spamhaus PBL, or any
> other reason, that's my right, and dropping you does not in any way
> infringe upon _your_ rights, because in this case, again, you have no
> rights.
>
> If, after reading this, you feel that receivers who reject mail sent
> directly from your residential IP are infringing upon your rights, then
> we can safely file your comments into the kook folder.
>
> --
> Stan

>Net Neutrality has nothing to do with SMTP receivers.  It has
>everything to do with network carriers and QOS.  You have no inherent
>right to send email to _my_ MX, nor anyone else's.  Your rights end
>where mine begin.
> If I chose to drop your SMTP connections due to the rDNS name of your
>sending MTA, its status as being listed in the Spamhaus PBL, or any
>other reason, that's my right, and dropping you does not in any way
>infringe upon _your_ rights, because in this case, again, you have no
>rights.
>
>If, after reading this, you feel that receivers who reject mail sent
>directly from your residential IP are infringing upon your rights, then
>we can safely file your comments into the kook folder.

> ----- Original Message ----
>
>  
>> From: Stan Hoeppner <stan@...>
>> To: postfix-users@...
>> Sent: Sun, November 1, 2009 1:00:30 PM
>> Subject: smtpd_recipient_restrictions evaluation question
>>
>> Simon Morvan put forth on 11/1/2009 4:20 AM:
>>
>>    
>>> That's prevent rejection but also prevent my ability to ensure my
>>> freedom to use the network :
>>> http://en.wikipedia.org/wiki/Network_neutrality
>>>
>>> That's will be my last message on-list for this topic but feel free to
>>> keep on discuss this off-list :)
>>>      
>> Net Neutrality has nothing to do with SMTP receivers.  It has everything
>> to do with network carriers and QOS.  You have no inherent right to send
>> email to _my_ MX, nor anyone else's.  Your rights end where mine begin.
>> If I chose to drop your SMTP connections due to the rDNS name of your
>> sending MTA, its status as being listed in the Spamhaus PBL, or any
>> other reason, that's my right, and dropping you does not in any way
>> infringe upon _your_ rights, because in this case, again, you have no
>> rights.
>>
>> If, after reading this, you feel that receivers who reject mail sent
>> directly from your residential IP are infringing upon your rights, then
>> we can safely file your comments into the kook folder.
>>
>> --
>> Stan
>>    
>
> Very well said Stan.  Residential IP's are common to be malware infected with malware that sends itself out via its own SMTP program, and as such should be stopped.  
>
> Thanks,
> Dan
>
>
>
>      
>  

> From: Simon Morvan <garphy@...>
> To: postfix-users@...
> Sent: Sun, November 1, 2009 2:37:14 PM
> Subject: Re: smtpd_recipient_restrictions evaluation question
>
> Daniel V. Reinhardt a écrit :
> > ----- Original Message ----
> >
> >  
> >> From: Stan Hoeppner
> >> To: postfix-users@...
> >> Sent: Sun, November 1, 2009 1:00:30 PM
> >> Subject: smtpd_recipient_restrictions evaluation question
> >>
> >> Simon Morvan put forth on 11/1/2009 4:20 AM:
> >>
> >>    
> >>> That's prevent rejection but also prevent my ability to ensure my
> >>> freedom to use the network :
> >>> http://en.wikipedia.org/wiki/Network_neutrality
> >>>
> >>> That's will be my last message on-list for this topic but feel free to
> >>> keep on discuss this off-list :)
> >>>      
> >> Net Neutrality has nothing to do with SMTP receivers.  It has everything
> >> to do with network carriers and QOS.  You have no inherent right to send
> >> email to _my_ MX, nor anyone else's.  Your rights end where mine begin.
> >> If I chose to drop your SMTP connections due to the rDNS name of your
> >> sending MTA, its status as being listed in the Spamhaus PBL, or any
> >> other reason, that's my right, and dropping you does not in any way
> >> infringe upon _your_ rights, because in this case, again, you have no
> >> rights.
> >>
> >> If, after reading this, you feel that receivers who reject mail sent
> >> directly from your residential IP are infringing upon your rights, then
> >> we can safely file your comments into the kook folder.
> >>
> >> --
> >> Stan
> >>    
> >
> > Very well said Stan.  Residential IP's are common to be malware infected with
> malware that sends itself out via its own SMTP program, and as such should be
> stopped.  
> >
> > Thanks,
> > Dan
> >
> >
> >
> >      
> >  
> And how am I supposed to send mail from my own mail server if I don't
> trust my ISP mail relay nor have $$$ to have a colo space and my own IP
> space ?
>
> And, Stan, you refuse mails from my ISP mail relay... (the second
> biggest in France...)
>
> --
> Simon