postfixアクセス制御まわり

RBL、SORBSは厳しすぎて(gmailのoutgoingすら排除とは…)、今のところこうなった

smtpd_helo_required = yes
disable_vrfy_command = yes

smtpd_client_restrictions =
        permit_mynetworks
        reject_unknown_reverse_client_hostname
        check_client_access pcre:/etc/postfix/client_access
        reject_unknown_client_hostname

smtpd_helo_restrictions =
        permit_mynetworks
        reject_invalid_helo_hostname
        reject_non_fqdn_helo_hostname
        #reject_unknown_helo_hostname # vector.co.jp...

smtpd_data_restrictions =
        permit_mynetworks
        reject_unauth_pipelining

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_sender_access pcre:/etc/postfix/sender_access
        reject_unknown_sender_domain

smtpd_relay_restrictions =
        permit_mynetworks
        defer_unauth_destination

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access pcre:/etc/postfix/recipients_access
        reject_unknown_recipient_domain
        reject_unverified_recipient
        reject_rbl_client bl.spamcop.net
        #reject_rbl_client dnsbl.sorbs.net # rejects google smtp
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client b.barracudacentral.org
        reject_rhsbl_sender spam.dnsbl.sorbs.net
        #reject_rhsbl_sender dbl.spamhaus.org
        reject_rhsbl_sender zen.spamhaus.org

address_verify_negative_expire_time = 30d
address_verify_negative_refresh_time = 1d
address_verify_positive_expire_time = 300d
address_verify_positive_refresh_time = 30d
unverified_recipient_reject_code = 550