I am experimenting with Postfix relaying. I am encountering a situation where I believe, on admittedly limited evidence, that a message should be rejected because there are no entries in the relay_domains map and yet it is forwarded to its final destination nonetheless.
example.com has MX host2.local.tld The delivery path looks like this: host1.outside.tld (SM) --> host2.local.tld (PF) host2 (PF) (has relay_domains entry) "example.com -" (has transport entry) "example.com relay:[host3.local.tld]" host2 (PF) --> host3 (PF) host3 (PF) (has no local domains) (has no relay_domains) (has no virtual aliases for example.com) (has transport entry) "example.com relay:[host4.local.tld]" host3 (PF) --> host4 (SM) host4 (SM) is the usual final delivery host for example.com but is not listed as an MX for example.com. Host4 does not accept connections from outside its local network segment (IP:a.b.c.0/192). Host2 and host3 are both on the same segment as host4. On host3, both etc/postfix/virtual_aliases_regexp and /etc/postfix/virtual_aliases are empty files as is /etc/postfix/virtual_domains. None of the aliases files contain any reference to example.com. Given what I have read, with this configuration I expect that host3 should reject mail for example.com relayed from host2. But it does not, it accepts it and forwards it on to host4. The forwarding from host3 to host4 I expect given that message was accepted by host3. What I do not understand is why it was accepted by host3 to begin with. Can someone explain this to me? postconf -n alias_database = hash:/etc/postfix/aliases.sysadmin,hash:/etc/postfix/aliases.domains,hash:/etc/postfix/aliases.main alias_maps = hash:/etc/postfix/aliases.sysadmin,hash:/etc/postfix/aliases.domains,hash:/etc/postfix/aliases.main command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = $myhostname, localhost inet_protocols = all mail_spool_directory = /var/spool/mail mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man newaliases_path = /usr/bin/newaliases.postfix propagate_unmatched_extensions = canonical, virtual readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES recipient_delimiter = + relay_domains = hash:/etc/postfix/relay_domains relayhost = host2.local.tld sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop soft_bounce = yes transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual_domains virtual_alias_maps = regexp:/etc/postfix/virtual_aliases_regexp,hash:/etc/postfix/virtual_aliases -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
