On 06/03/2013 12:44 PM, Peter wrote:
> What you want instead is to move permit_mynetworks to the end of the
> list and follow it by reject:
>
> smtpd_recipient_restrictions =
>    reject_unauth_pipelining,
>    reject_non_fqdn_recipient,
>    reject_unknown_recipient_domain,
>    check_recipient_access hash:/etc/postfix/recipient_access,
>    permit_mynetworks,
>    reject

One thing I should note here: if you do the above, make certain that none of the entries in /etc/postfix/recipient_access return OK (or 2xx). If they do, then any message to that recipient will bypass permit_mynetworks and be accepted regardless of the source. If you are running Postfix >= 2.10 then a safer way would be to do:

smtpd_recipient_restrictions =
  permit_mynetworks,
  reject

smtpd_relay_restrictions =
  reject_unauth_pipelining,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  check_recipient_access hash:/etc/postfix/recipient_access

...then if the client is not in mynetworks it will be rejected regardless of what any other restrictions return.


Peter
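
An added example, not part of Peter's message: a small audit of the recipient_access source file for the entries the note above warns about, meaning any result of OK or an all-numerical result (which access(5) treats as OK), plus a leading 2xx code flagged for review. The function names and the sample table are constructed for illustration; it reads the text source of the map, not the compiled hash database.

```python
import re

# Constructed sample of a recipient_access source file (not from the post).
SAMPLE = """\
# local overrides
postmaster@example.com   OK
abuse@example.com        REJECT not accepted here
list@example.com         DUNNO
old@example.com          550 5.1.1 user unknown
legacy@example.com
    250 accepted
popauth@example.com      1370256000
"""

def logical_lines(text):
    """Yield (first_line_no, entry) using Postfix table-file line rules."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()  # leading whitespace continues an entry
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def permitting_entries(text):
    """Return (line_no, key, result) for entries that accept the recipient."""
    findings = []
    for no, entry in logical_lines(text):
        parts = entry.split(None, 1)
        if len(parts) < 2:
            continue                      # key without a result: nothing to flag
        key, result = parts
        first = result.split()[0]
        # OK and all-numerical results are treated as OK per access(5);
        # a leading 2xx code is flagged for review (assumption, per the post).
        if first.upper() == "OK" or result.isdigit() or re.fullmatch(r"2\d\d", first):
            findings.append((no, key, result))
    return findings

if __name__ == "__main__":
    for no, key, result in permitting_entries(SAMPLE):
        print(f"line {no}: {key} -> {result}")
```

Any entry it reports would let mail for that recipient through before permit_mynetworks is evaluated in the single-list configuration.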
