On Fri, Oct 18, 2013 at 01:24:09PM -0500, Noel Jones wrote:
> > smtpd_recipient_restrictions = reject_unlisted_recipient,
> > reject_unknown_recipient_domain, check_recipient_access
> > hash:/etc/postfix-internal/recipient_access,
> > permit_sasl_authenticated, permit_mynetworks, reject
>
> The only way an unauthenticated, not-mynetworks client can make it
> through the above is if the check_recipient_access map returns OK.
> Otherwise they get a generic 550 "Access denied" from the final reject.
>
> You have a lurking open relay problem, but are saved by the
> smtpd_relay_restrictions safety net. Fix the problem before it gets
> to the safety net.
No. Rather, smtpd_relay_restrictions is evaluated (as documented)
before smtpd_recipient_restrictions.
--
Viktor.
