> -----Original Message----- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Viktor Dukhovni > Sent: Wednesday, September 02, 2015 5:15 PM > To: postfix-users@postfix.org > Subject: Re: append mydomain > > On Wed, Sep 02, 2015 at 09:53:48PM +0000, Vernon Fort wrote: > > > > > I'm using postfix 3.0.2. The above appears correct but it's not > > > > working, still rejects a From address with an empty domain, e.g. > > > > "From=PostfixUser" > > > > > > > > Suggestions? > > > > > > * http://www.postfix.org/DEBUG_README.html#mail > > > > > > * Logs. > > > > In the smtpd_recipient_restrictions, I had reject_non_fqdn_sender - > > all my restrictions are in the smtpd_recipient_restrictions. When I > > take this restriction out, the $mydomain is appended. This is the > > same restriction list I had with the old setup (prior to postfix 3.0). > > Is this machine receiving inbound mail from the Internet, or sending > outbound mail from internal users? Or both?
BOTH... > > In all honesty, this was an old box we setup 5+ years ago and just > > upgraded and I have no idea if this was working or not prior to today > > (no way to test either). Is there any harm in leaving this restriction out? > > Why do you want to accept mail from invalid domain-less envelope senders? I don't! > A reasonable minimal configuration is: > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > reject_non_fqdn_sender, > reject_unknown_sender_domain > > Allows non-fqdn addresses from trusted clients and authenticated users, but > not from outside. You'd generally add more to that, and be mindful of > "smtpd_relay_restrictions" introduced with 2.10 or so. > > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions > > -- > Viktor. Ah- the order. I had: smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, .... and changed to: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, which works but I think that rejecting "reject_non_fqdn_recipient' should be first so we reject email from internal users that fat-finger recipient addresses. But I have some reading to do with http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions. I need to rework the *_restrictions. Thanks - I was focused on the changes from 2.0 to 3.0 and should have caught this.... Vernon
