On 3/9/2015 6:14 AM, Earl Killian wrote: > My question is how to figure out why smtpd_relay_restrictions is > being used for local recipients. > (In the following, I've renamed the local domain name (which is > listed in mydestination) to example.com to prevent email harvesting.) > > I upgraded a system from openSUSE 13.1 to 13.2 and got Postfix 2.11 > as a result. I noticed the introduction of smtpd_relay_restrictions, > and decided to set it. My first thought was to just set it to > "reject" in main.cf since originating email is supposed to use the > submission port, which can override smtpd_relay_restrictions in > master.cf, but I ended up setting it as follows just in case some > software used port 25 instead of 587: > smtpd_relay_restrictions = > reject_non_fqdn_recipient > reject_unknown_recipient_domain > reject_unknown_sender_domain > permit_mynetworks > permit_tls_clientcerts > permit_sasl_authenticated > reject > I then noticed that Postfix was rejecting incoming mail from the > internet to f...@example.com with
You have misunderstood the purpose of smtpd_relay_restrictions. Your mail is rejected by the final "reject" you placed. *ALL* mail is evaluated by smtpd_relay_restrictions, and unless you have very unusual relay requirements, you should either set it empty, or use the suggested safety net: smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination -- Noel Jones
