On Tue, Jan 16, 2024 at 06:12:58PM +0100, Marc Dierksen via Postfix-users wrote:

> I am running Postfix 3.5.23 on Debian 11 as an edge mailserver that accepts
> mails on port 25 for a list of domains defined as relay_domains in the
> main.cf.
>
> I am currently trying to set up a second smtpd process on port 587 that
> accepts mails only for local recipients.
> 
> If I set relay_domains to empty in the main.cf it works as expected.

The classification of input addresses into address classes as part of
transport resolution happens in trivial-rewrite(8).  This is why
changing relay_domains in smtpd(8) is ineffective.

> So it seems to me the '-o relay_domains=' parameter for smtpd does not work
> correctly.

It works correctly, as intended.  It does not seem to make much sense to
restrict submission on port 587 for a subset of addresses that any
unauthenticated external sender can target.  Your "restricted" users
could just send to port 25 instead!

That said, if this is what you actually need, instead of trying to set
an empty list of relay domains, set an empty list of valid relay
recipients, which is checked in smtpd(8):

    master.cf:
        submission inet ... smtpd
            -o { relay_recipient_maps = inline:{@=@} }
            ...

because just "@" is never going to be a lookup key for a relay recipient
address.  While an empty key is even more strongly never used, and the
form "inline:{=}" is presently accepted, I expect this is not
intentional.  It would have to be documented, otherwise, at some point,
Postfix might reject empty keys in inline table definitions.

-- 
    Viktor.