> On 22 Nov 2016, at 01:58, Wietse Venema <wie...@porcupine.org> wrote: > > Gerben Wierda: >> I did another test. I changed the recipient restrictions to: >> >> smtpd_recipient_restrictions = >> reject_unauth_pipelining, >> reject_non_fqdn_recipient, >> permit_sasl_authenticated, >> permit_mynetworks, > > Due to permit_mynetworks, sending mail from a "local" client will > skip all further checks.
But permit_mynetworks comes after reject_non_fqdn_recipient, and I was giving it a non-fqdn address. So, it should not reach the permit_mynetworks check at all. It shouldn’t have anyway, because the mail agent sends authenticated, but that doesn’t change the question here. Note, this was a different issue than the one with greylisting, it was meant to check if the order of checks works as expected and it didn’t. G > >> reject_unauth_destination, >> reject_unknown_recipient_domain, >> reject_unverified_recipient, >> check_client_access >> regexp:/Library/Server/Mail/Config/postfix/rna_policy_whitelist_clients, >> check_sender_access >> regexp:/Library/Server/Mail/Config/postfix/rna_policy_whitelist_senders, >> check_policy_service unix:private/policy, >> permit
