On Fri, 11 Sep 2009, Sahil Tandon wrote:
The list of CIDR IP ranges to relay for is in the mynetworks variable,
so I can't do the recipient domain verification in
"smtpd_recipient_restrictions" because I need "permit_mynetworks", so
that my networks can relay through the box! permit_mynetworks skips the
other checks for those networks.
Why don't you reject_unknown_recipient_domain BEFORE permitting your networks
(and/or SASL authenticated clients) in smtpd_recipient_restrictions?
I tried putting "permit_mynetworks" at the end of the
smtpd_recipient_restrictions instead, but it still just allows all
relaying from mynetworks:
smtpd_recipient_restricions = reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
permit_mynetworks
Am I doing something wrong?
It seems to me that the restrictions aren't processed in the order that
you specify them on the smtpd_recipient_restrictions line? :)
So, how do I make mynetworks exempt from the
smtpd_recipient_restrictions, yet make mynetworks able to relay through
the box?
Huh?
As an aside, you appear to be confused by how Postfix processes various
restriction lists. Just because a client is OK'd in
smtpd_recipient_restrictions does NOT mean that client gets a free pass
through smtpd_data_restrictions or any following restrictions in the SMTP
conversation.
I think I may be getting confused.
My simple goal is to allow "mynetworks" to send to all domains through my
box, but also perform sender/recipient domain checking for these clients.
Are you able to help?
Cheers!
Duncan
