On 5/28/2013 1:38 PM, Wietse Venema wrote: > Viktor Dukhovni: >> On Tue, May 28, 2013 at 01:18:25PM -0400, Wietse Venema wrote: >> >>> I strongly suggest that you swap the order of the following >>> two rules in main.cf: >>> >>> check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, >>> reject_unauth_destination, >>> >>> This should be: >>> >>> reject_unauth_destination, >>> check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, >>> >>> Many open relay problems are caused by having an access table >>> before reject_unauth_destination. >> >> Indeed the second form is safer, and equivalent provided all the >> recipients are in a domain that is not rejected by >> reject_unauth_destination. >> >> Though in this case it is a *recipient* check, so problems are unlikely, >> unless the table includes unintended remote addresses. Unlike sender >> addresses, recipient addresses are not subject to "forgery". > > There is no need to forge "u...@yahoo.com" if a spammer really > wants to send mail there :-) > > Wietse >
Thanks, Wietse. Regarding your first reply, I've reviewed the information at http://www.postfix.org/DEBUG_README.html#mail and will do my best to adhere to protocol going forward. (That was my first post; sincere apologies.) I have re-ordered those two rules and will post back if that doesn't solve the problem. I really appreciate your time and assistance. Best regards, -Ben
