The default for smtpd_reject_unlisted_recipient is yes. How does that affect using reject_unlisted_recipient in smtpd_recipient_restrictions? Does it mean it is effectively included whether you include it or not? I presume I still need to list other things like "smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated" so I don't see the point in having a separate smtpd_reject_unlisted_recipient.
I had "smtpd_reject_unlisted_recipient = yes" but it doesn't seem to work (it still accepts mail for unknown/non-existent recipients and sends a bounce back). This is not the only variation I have tried, but here is where I am at the moment:

    alias_database = cdb:/etc/postfix/aliases
    alias_maps = cdb:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    data_directory = /var/lib/postfix
    default_destination_concurrency_limit = 2
    default_privs = nobody
    in_flow_delay = 1s
    inet_protocols = ipv4, ipv6
    local_destination_concurrency_limit = 2
    mail_owner = postfix
    mydomain = DOMAIN.NAME
    myhostname = mx.DOMAIN.NAME
    mynetworks = 127.0.0.0/8, 172.16.0.0/12, [::1]/128, [fcca::]/7, [fe80::]/48
    myorigin = $mydomain
    proxy_interfaces = FIRE.WALL.IP.ADDR
    queue_directory = /var/spool/postfix
    recipient_delimiter = +
    smtp_bind_address = 172.30.0.25
    smtp_bind_address6 = fcca::25
    smtpd_banner = $myhostname ESMTP - UNSOLICITED BULK OR ILLEGAL EMAIL IS STRICTLY PROHIBITED
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_recipient_domain reject_unverified_recipient
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_type = dovecot
    smtpd_tls_auth_only = yes
    smtpd_tls_cert_file = /etc/ssl/certs/smtp.DOMAIN.NAME.crt
    smtpd_tls_key_file = /etc/ssl/private/smtp.DOMAIN.NAME.key
    smtpd_tls_security_level = may
    soft_bounce = yes
    unknown_local_recipient_reject_code = 450
    unverified_recipient_reject_code = 450
    virtual_alias_maps = cdb:/etc/postfix/virtual
    virtual_mailbox_domains = /etc/postfix/domains
    virtual_transport = dovecot