On 5/31/2013 2:06 PM, Ben Johnson wrote: > Okay. I understand. The implication here is that it doesn't matter > whether the user-agent connects directly to my server via SMTP to > delivery mail to my users, or he connects through his ISP's SMTP server > to do the same. Correct?
Correct. By default, postfix accepts inbound mail from any client because there is no fool-proof way to determine if some random client is authorized to send mail. SPF (not enabled by default) attempts to do this, but is far from perfect. Black-lists (not enabled by default) attempt to list known-bad clients; obviously these lists can never be complete. Postfix can be configured to reject mail from unknown local accounts. This is not enabled by default. See http://www.postfix.org/postconf.5.html#reject_unlisted_sender http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender > >>> >>> Postfix "postfinger" output for this server (prior to closing this "hole"): >>> >>> http://pastebin.com/QGE3cah5 >> >> ... mail_version = 2.7.0 >> >> This postfix version does not support smtpd_relay_restrictions, and >> will not complain about unknown parameters defined in main.cf. >> > > It would be nice if the Postfix manual reflected this fact. The manual > states, "This feature is available in Postix 2.10 and later." "... available in Postfix X and later" seems pretty unambiguous, regardless if postfix gives an error or not. The BUGS section in the postconf(1) man page supplied with your postfix says something about not reporting unknown parameters defined in main.cf. This was corrected in postfix 2.9. -- Noel Jones
