Amaru Netapshaak wrote:
Hello,
I have implemented the "recipient_relay_map" in main.cf, and have my
email server & gateway automatically building a fresh recipient hash
every hour.. yet, it doesnt work. If I create an account on my internal
email server, and dont put that address in my hash, the account can still
receive email.
Here is my postconf -n info:
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_destination_concurrency_limit = 20
default_privs = nobody
fast_flush_domains = $relay_domains
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
local_destination_concurrency_limit = 5
local_recipient_maps =
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, XXX.com, localhost, localhost.$mydomain
mydomain = XXX.com
myhostname = XXX.com
mynetworks = XXX.XXX.XXX.XXX/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
notify_classes = protocol, resource, software
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, reject_non_fqdn_recipient,
check_policy_service inet:127.0.0.1:10023
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
I have obfuscated my hostnames and IP addresses for security.
My instinct tells me this has something to do with the fact that im
specifying
"relay_domains" AND "recipient_relay_maps", but maybe im missing
somethign in the documentation?
[please don't top post]
No, you must specify both relay_domains - to tell postfix
which domains to relay for - and relay_recipient_maps - to
tell postfix which users are valid in those domains.
Recipient validation can be broken by wildcard entries in
sender_canonical_maps, recipient_canonical_maps,
canonical_maps or virtual_alias_maps, or by a domain wildcard
in relay_recipient_maps.
It doesn't appear you are using *canonical_maps or
virtual_alias_maps, so I assume you have a wildcard entry in
your relay_recipient_maps. Don't do that.
http://www.postfix.org/postconf.5.html#relay_recipient_maps
If you need more help, show unmodified logs.
http://www.postfix.org/DEBUG_README.html#mail
--
Noel Jones
