On 22 Oct 2016, at 8:54, /dev/rob0 wrote:

> Should "closing 'permit' lines" be removed from live
> configurations?
>
> Of course not. That is how it works. If not specified as the OP did
> it, the ending value of any restriction stage is "permit". If not,
> mail would not be accepted at all.

Not exactly. In principle one can end a restriction list with 'reject'
if all desired 'permit' cases are covered by previous directives. In
smtpd_recipient_restrictions this implies a check_recipient_access
directive that permits local recipients (obviously AFTER anti-spam
restrictions). And of course, many master.cf files include a service
defined like this:

submission inet n - n - - smtpd
    -o syslog_name=postfix/submit
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
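
As an added example (not part of the original message and not Postfix's own code), this Python check reads master.cf-style text and reports which smtpd_*_restrictions overrides end in an explicit reject or defer and which fall through to the implicit permit discussed above. The sample file is constructed, the 10587 service and all function names are hypothetical, and override values are assumed to be comma-separated without spaces, as in the quoted service.

```python
import re

# Constructed sample: the first service mirrors the one quoted in the message;
# the second is a hypothetical listener whose override has no closing reject.
SAMPLE_MASTER_CF = """\
submission inet n - n - - smtpd
    -o syslog_name=postfix/submit
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
# hypothetical second listener
10587 inet n - n - - smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated
"""

# Generic restrictions that always decide, so nothing reaches the implicit permit.
EXPLICIT_CLOSERS = {"reject", "defer"}

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blank and comment lines."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def closing_actions(text):
    """Map (service/type, parameter) -> last element of each restriction override."""
    result = {}
    for line in logical_lines(text):
        fields = line.split()
        service = fields[0] + "/" + fields[1]
        for name, value in re.findall(r"-o\s+(smtpd_\w+_restrictions)=(\S+)", line):
            result[(service, name)] = [e for e in value.split(",") if e][-1]
    return result

def falls_through(text):
    """Overrides that do not end in reject/defer: unmatched mail is permitted."""
    return sorted(k for k, last in closing_actions(text).items()
                  if last not in EXPLICIT_CLOSERS)
```

An override listed by `falls_through` is not necessarily wrong, but it is the case where the closing value of the stage is the implicit permit rather than a deliberate reject.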