On Tue, Nov 17, 2015 at 03:26:55PM +0000, Neil Smith wrote:
> On Tuesday 17 Nov 2015 14:43:50 Viktor Dukhovni wrote:
>
> > > smtpd_recipient_restrictions =
> > > permit_sasl_authenticated
> > > permit_mynetworks
> > > permit_mx_backup
> > > check_recipient_access hash:/etc/postfix/recipient_checks
> > > reject_unauth_destination
> >
> > Notice that cute little "permit_mx_backup" in the restriction
> > list before "check_recipient_access"? :-)
>
> If you don't mind, could you please explain why that's a problem? The
> recipient checks addresses aren't for any of the mxbackup domains. I don't
> understand how allowing forwarding of mail for backup.com will mean the
> acceptance of mail for example.com.
See:
http://www.postfix.org/postconf.5.html#permit_mx_backup
Read the description attentively. In general, permit_mx_backup is
a bad idea, instead configure "relay_domains" explicitly and get
rid of permit_mx_backup. Don't forget about "relay_recipient_maps".
In any case your setting of
http://www.postfix.org/postconf.5.html#permit_mx_backup_networks
is also suboptimal, these really should be addresses, not hostnames.
--
Viktor.
