Peter L. Berghold wrote: > Brian Evans - Postfix List wrote: > > > Without a current 'postconf -n', no one here can tell you. > [...] > relay_domains = bayshoredogclub.org, > berghold.net,agilitystewards.org,localhost
No relay_recipient_maps could make you an (out|back)scatter source. > smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, > reject_unknown_hostname > The problem comes from reject_unknown_hostname in this case. You don't have a check_helo_access map before it to whitelist the client in question. > smtpd_recipient_restrictions = check_sender_access > hash:/etc/postfix/access, permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination, > reject_unauth_pipelining, reject_non_fqdn_sender, > reject_non_fqdn_recipient, reject_unknown_recipient_domain, > reject_invalid_hostname, reject_rbl_client blackholes.easynet.nl, > reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, > reject_rbl_client sbl.spamhaus.org, reject_rbl_client > opm.blitzed.org, reject_rbl_client dnsbl.njabl.org, > reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org, > permit BTW, since you are using check_sender_access, this only ever matches ENVELOPE sender, never which machine is doing the sending. In addition, putting the check BEFORE reject_unauth_destination with an OK makes you an open relay for any forged domains in that access file. Also, opm.blitzed.org and *.dsbl.org are dead, remove those checks to save a little overhead and possible false positives in the future. Brian
