>> Am I allowed to ask why disabling smtpd_relay_restrictions only on
>> submission?
>> &
>> Is this really the way to use it? (in master.cf?)
>
> This is not good general advice.  A properly-configured
> smtpd_relay_restrictions should not interfere with submission, and
> is not used by pickup (since it's not SMTP).
>
> The intention of smtpd_relay_restrictions is to be a last-ditch
> anti-relay rule to prevent accidents from a misconfigured
> smtpd_recipient_restrictions. As such, it should be as bare-bones as
> possible, containing ONLY rules related to relaying and not
> encumbered with anti-spam or other access rules.
>
> I expect 99%+ of postfix sites can safely set it to
>
> # main.cf
> smtpd_relay_restrictions =
>   permit_mynetworks,
> # uncomment next line if using SASL
> # permit_sasl_authenticated,
>   reject_unauth_destination
>
> and leave it at that, with no changes to existing rules.  The same
> smtpd_relay_restrictions setting should work for
> smtp/submission/smtps, so no overrides should be needed in master.cf.
>
> The only place this won't work correctly is sites doing something
> "odd" in smtpd_recipient_restrictions to allow relay from
> unauthenticated clients who are not in $mynetworks.
>
> I've also seen some people suggest that reject_unauth_destination
> should be removed from smtpd_recipient_restrictions.  I disagree
> with that advice too.  While technically correct that
> reject_unauth_destination is no longer required, there is no general
> benefit in removing it except possibly those very few sites with
> complex relay rules.

I've been running like this:

# main.cf
smtpd_recipient_restrictions = reject_unauth_destination,permit
smtpd_relay_restrictions =

# master.cf
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject

I tried switching to the following in main.cf:

smtpd_relay_restrictions = permit_mynetworks,permit_sasl_auth

but I started getting messages like this in the log:

warning:  unknown smtpd restriction: "permit_sasl_auth"
451 4.3.5 Server configuration error

- Grant
