Considering we just came from Postfix 2.15, I think I’m doing better. :) 2.6.6 is the default install for CentOS 6.6.
Jeff > On May 10, 2015, at 5:22 PM, Bill Cole > <postfixlists-070...@billmail.scconsult.com> wrote: > > On 10 May 2015, at 13:45, SH Development wrote: > >> Here is the postconf -n output: > [...] >> mynetworks = 127.0.0.0/8 > > This means that the only network-based trust you have is for the local > machine itself. That's often adequate, but it means that you can't permit > mail from your separate spam filtering machine via permit_mynetworks. > >> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated >> reject_unauth_destination > > There's your problem. "reject_unauth_destination" means you only reject mail > if it is not to addresses in local, virtual, and relayed domains. Simply put: > as long as the mail is to one of your addresses, you accept it. > > Any solution within Postfix requires you to change > "reject_unauth_destination" to "reject" and pick a way to permit mail from > your spam filter. Simplest: add the IP(s) of the spam filter to mynetworks. > You could also make the filtering server authenticate, but that may be > complicated. Also, your *best* solution is still to split off authenticated > submission to a distinct bonafide port 587 submission service and turn off > authentication on your main SMTP inbound service. > > Also: Since your documentation directories include '2.6.6' I'm guessing > that's your Postfix version and that you are using such an antique because > your distribution includes it. Sticking with the standard obsolete version of > Postfix in a distribution makes sense if all it is going to do is handle > messages from cron jobs and mail/mailx command lines, but it's really not > safe for a machine that accepts port 25 connections from random places. If > you can't wall this machine off from the world at large because you have > users doing submission fom random places, you should at least upgrade to a > version of Postfix that has been maintained recently.