On 4/14/2012 12:39 PM, Raven wrote: > On Sat, 2012-04-14 at 12:17 -0500, Noel Jones wrote: >> On 4/14/2012 2:49 AM, Raven wrote:
>>> postconf -n: >> ... >>> smtpd_recipient_restrictions = permit_mynetworks, >>> permit_sasl_authenticated, >> >> reject_unauth_destination should go here unless you have a really >> good reason. >> http://www.postfix.org/SMTPD_ACCESS_README.html#danger >> > > Duly noted. Thanks. > >> >>> check_client_access >>> cidr:/etc/postfix/cidr_checks, check_recipient_access >>> regexp:/etc/postfix/accounts_regex, check_recipient_access >>> mysql:/etc/postfix/mysql-virtual_blocked.cf, check_policy_service >>> inet:127.0.0.1:2501, >> >> Maybe one of these maps OKed either the client or recipient. >> > > Spot on! Couple months ago I had whitelisted gmail's outbound ranges > after they ended up on some rbl, and they were still there > Please realize that due to the misplacement of reject_unauth_destination noted above, you are an open relay for any client in your whitelist. Whitelists in smtpd_recipient_restrictions *must* come after reject_unauth_destination. -- Noel Jones
