Considering we just came from Postfix 2.15, I think I’m doing better.  :)  
2.6.6 is the default install for CentOS 6.6.

Jeff


> On May 10, 2015, at 5:22 PM, Bill Cole 
> <postfixlists-070...@billmail.scconsult.com> wrote:
> 
> On 10 May 2015, at 13:45, SH Development wrote:
> 
>> Here is the postconf -n output:
> [...]
>> mynetworks = 127.0.0.0/8
> 
> This means that the only network-based trust you have is for the local 
> machine itself. That's often adequate, but it means that you can't permit 
> mail from your separate spam filtering machine via permit_mynetworks.
> 
>> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated 
>> reject_unauth_destination
> 
> There's your problem.  "reject_unauth_destination" means you only reject mail 
> if it is not to addresses in local, virtual, and relayed domains. Simply put: 
> as long as the mail is to one of your addresses, you accept it.
> 
> Any solution within Postfix requires you to change 
> "reject_unauth_destination" to "reject" and pick a way to permit mail from 
> your spam filter. Simplest: add the IP(s) of the spam filter to mynetworks. 
> You could also make the filtering server authenticate, but that may be 
> complicated. Also, your *best* solution is still to split off authenticated 
> submission to a distinct bonafide port 587 submission service and turn off 
> authentication on your main SMTP inbound service.
> 
> Also: Since your documentation directories include '2.6.6' I'm guessing 
> that's your Postfix version and that you are using such an antique because 
> your distribution includes it. Sticking with the standard obsolete version of 
> Postfix in a distribution makes sense if all it is going to do is handle 
> messages from cron jobs and mail/mailx command lines, but it's really not 
> safe for a machine that accepts port 25 connections from random places. If 
> you can't wall this machine off from the world at large because you have 
> users doing submission fom random places, you should at least upgrade to a 
> version of Postfix that has been maintained recently.

Reply via email to