Thanks so much for the helpful response - just wanted to make sure I was heading in the right direction, and this was exactly what I needed.

On Wed, Jul 23, 2014 at 10:51:41AM -0500, Noel Jones wrote:
> > My thought was that maybe I should do something like this instead:
> >
> > reject_non_fqdn_recipient,
>
> Be careful about rejecting mail from your own users/networks. Some
> desktop mail clients misbehave when the mail is rejected, either
> sending confusing messages to the user or continually retrying.

I had omitted some of the full restrictions for terseness and clarity, but there is a 'permit_sasl_authenticated' early in the restrictions. End-users are supposed to use smtp-auth, though we don't require it outright, so my guess is that this is why the setting hasn't caused any problems.

> After reject_unauth_destination, the only domain left is yours. So
> this rule either won't do anything, or will reject your own mail if
> the local DNS hiccups. Probably best to remove it.

That makes sense; I'll leave reject_unknown_recipient_domain and reject_non_fqdn_recipient after permit_sasl_authenticated, but before permit_mynetworks and reject_unauth_destination.

w