On 05/02/17 07:00, richard lucassen wrote: >> Ok, so there is no reason anymore to use all these separate >> smtpd_*_restrictions, I will just use smtpd_recipient_restrictions >> as clearly stated here: >> >> http://www.akadia.com/services/postfix_uce.html >> >> That's right isn't it? > > Apparently not: > > http://www.postfix.org/SMTPD_ACCESS_README.html#danger
The issue happens when you have a PERMIT result before other tests that you want to run that might result in REJECT. The PERMIT bypasses further tests. There are many solutions to this. One is to make sure not to use PERMIT unless you really do mean to bypass further restriction tests. Use DUNNO instead. Another thing that helps is to keep your restrictions separate from your port 25 MX traffic vs your port 587 submission traffic. Don't put submission restrictions such as permit_sasl_authenticated or permit_mynetworks in main.cf or your smtp line in master.cf, and don't put restrictions that are meant for port 25 such as reject_unauth_destination in your submission line for master.cf. When you keep these separate then things become much easier to manage. Peter
