On 06/01/2013 08:53 AM, Jason Price wrote:
#smtpd_recipient_restrictions = permit_mynetworks,
# reject_unauth_pipelining,
# reject_non_fqdn_recipient,
# reject_unknown_recipient_domain,
# check_recipient_access =
hash:/etc/postfix/recipient_access,
# permit
That's wrong becuase (1) you are not doing further filtering for
anything that is in mynetworks and (2) if it weren't for postfix
requiring some form of reject at the end anything that is not in
mynetworks gets a free pass (open relay) unless it is rejected by one of
the other filters.
What you want instead is to move permit_mynetworks to the end of the
list and follow it by reject:
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_recipient_access = hash:/etc/postfix/recipient_access,
permit_mynetworks,
reject
Peter
