b...@indietorrent.org:
> For the sake of thoroughness, and because I'm expected to perform a
> root-cause-analysis, I'm following-up on this after noticing that there was
> a missing comma in the smtpd_recipient_restrictions directive (after
> check_recipient_access on the third line):
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
For posteriority (i.e. people who find this with a search engine),
replace these three lines:
> check_recipient_access
> mysql:/etc/postfix/mysql-virtual_recipient.cf,
> reject_unauth_destination,
with these three lines:
> reject_unauth_destination,
> check_recipient_access
> mysql:/etc/postfix/mysql-virtual_recipient.cf,
As that prevents unexpected open relay problems.
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org
>
> Even though the problem seems to be resolved after adding the comma and
> swapping the two items as Wietse suggested, what would be the net-result of
> the missing comma in my version of Postfix (2.7.0)? Would the entire list
> of smtpd_recipient_restrictions be ignored? (That would certainly explain
> why a bot was able to relay hundreds of thousands of messages the course of
> a few days.)
The comma is treated here as whitespace.
Wietse
