[postfix]smtpd_*_restrictions

/usr/sbin/postconf -n
2bounce_notice_recipient = test@domain.example.com
alias_maps = hash:/etc/aliases
biff = no
bounce_notice_recipient = test@domain.example.com
bounce_queue_lifetime = 0
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 10
debug_peer_list = 127.0.0.1,0.0.0.0
error_notice_recipient = test@domain.example.com
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = dul.ru
mydestination = $myhostname,    localhost.local,    localhost
mydomain = domain.example.com
myhostname = mail.domain.example.com
mynetworks = 127.0.0.0/8,     10.0.0.0/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
notify_classes = 2bounce
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $transport_maps
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_connection_count_limit = 3
smtpd_client_port_logging = yes
smtpd_client_recipient_rate_limit = 3

smtpd_client_restrictions = 
	permit_sasl_authenticated,
	permit

smtpd_data_restrictions = 
	reject_multi_recipient_bounce,    
	reject_unauth_pipelining

smtpd_delay_reject = yes
smtpd_hard_error_limit = 2
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    
	permit_sasl_authenticated,    
	reject_invalid_helo_hostname,    
	reject_non_fqdn_helo_hostname,    
	reject_unknown_helo_hostname

smtpd_recipient_restrictions = 
	permit_mynetworks,    
	permit_sasl_authenticated,    
	check_policy_service unix:private/policy,    
	reject_non_fqdn_recipient,    
	reject_unknown_recipient_domain,    
	reject_unauth_destination,    
	warn_if_reject reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql/sasl.cf
smtpd_sender_restrictions = 
	permit_mynetworks,    
	permit_sasl_authenticated,      
	reject_unauthenticated_sender_login_mismatch,    
	reject_non_fqdn_sender,    
	reject_unknown_sender_domain,    
	reject_unlisted_sender,    
	reject_unverified_sender,    
	reject_rbl_client dul.ru,    
	reject_rbl_client bl.spamcop.net,    
	reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_soft_error_limit = 1
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = no
strict_mime_encoding_domain = yes
transport_maps = mysql:/etc/postfix/mysql/transport.cf
unknown_local_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_gid_maps = mysql:/etc/postfix/mysql/gid.cf
virtual_mailbox_base = /
virtual_mailbox_maps = mysql:/etc/postfix/mysql/aliases.cf
virtual_uid_maps = mysql:/etc/postfix/mysql/uid.cf

 grep -A1 policy /etc/postfix/master.cf

reject_unauth_destination
     check_policy_service unix:private/policy-spf

strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_etrn_restrictions =
        permit_mynetworks,
        reject
smtpd_client_restrictions =
smtpd_helo_restrictions = permit_mynetworks
smtpd_sender_login_maps=ldap:/etc/postfix/ldap/user.cf
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_unauth_pipelining,
        check_client_access hash:/etc/postfix/access_client,
        check_client_access pcre:/etc/postfix/access_client.pcre,
        check_helo_access hash:/etc/postfix/access_helo,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        reject_sender_login_mismatch
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unverified_recipient,
        permit


postscreen_access_list = permit_mynetworks
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 combined.njabl.org*1
postscreen_dnsbl_action = enforce

 cat access_client.pcre
/[ax]dsl.*\..*\..*/i REJECT Your message looks like SPAM
/\.dsl.*\..*\..*/i   REJECT Your message looks like SPAM
/cable.*\..*\..*/i   REJECT Your message looks like SPAM
/client.*\..*\..*/i  REJECT Your message looks like SPAM
/dhcp.*\..*\..*/i    REJECT Your message looks like SPAM
/dial.*\..*\..*/i    REJECT Your message looks like SPAM
/dialup.*\..*\..*/i  REJECT Your message looks like SPAM
/dslam.*\..*\..*/i   REJECT Your message looks like SPAM
/host.*\..*\..*/i    REJECT Your message looks like SPAM
/node.*\..*\..*/i    REJECT Your message looks like SPAM
/pool.*\..*\..*/i    REJECT Your message looks like SPAM
/ppp.*\..*\..*/i     REJECT Your message looks like SPAM
/user.*\..*\..*/i    REJECT Your message looks like SPAM