On Mon, Mar 09, 2015 at 05:56:20PM +0100, Sebastian Nielsen wrote:

> I would instead suggest setting the relay access to:
>
> check_sender_access hash:/etc/postfix/relay_auth, reject_unauth_destination
>
> where /etc/postfix/relay_auth is:
> <YOUR_DOMAIN> permit_mynetworks, reject
> [<EXTERNAL_IP_OF_SMTP_SERVER>] permit_mynetworks, reject

Those are NOT relay control rules, they are anti-spoofing rules at
best. They do not belong in relay restrictions. Sender based rules
are too fragile in relay controls. And of course nothing in Postfix
will do IP address lookups with check_sender_access.

Any such rules (written with more care) can instead go in
smtpd_sender_restrictions.

    smtpd_sender_restrictions =
        check_sender_access <some-table-for-your-domains>
        <rules for other senders>

Keep the relay restrictions *simple*, just avoid being an open relay.
Other policy controls go elsewhere.

-- 
	Viktor.
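
The separation described in the reply above, written out as a configuration sketch. This is an added example, not part of the original message; it assumes Postfix 2.10 or later (for smtpd_relay_restrictions), and example.com and the table path /etc/postfix/own_sender_domains are placeholders.

```conf
# ---- /etc/postfix/main.cf (fragment) ----

# Relay control only: decides who may send through this server to
# remote destinations. No sender-based logic here.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Anti-spoofing policy lives in the sender restrictions instead.
# Trusted clients skip the table; all other clients have their
# envelope sender looked up in it. A "permit" here ends only this
# list, the relay restrictions above are still evaluated.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/own_sender_domains

# ---- /etc/postfix/own_sender_domains (separate file) ----
# Keyed on the envelope sender domain, never on a client IP address:
# check_sender_access only looks up the MAIL FROM address.
#
#   example.com    REJECT own domain not accepted from outside clients
#
# Rebuild the lookup table after editing:
#   postmap /etc/postfix/own_sender_domains
```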