On Sat, Aug 12, 2017 at 12:02:18AM +0200, mj wrote:
> > Far simpler:
> >
> > indexed = ${default_database_type}:${config_directory}/
> > smtpd_relay_restrictions =
> > permit_mynetworks,
> > check_sasl_access ${indexed}sasl_list,
> > reject_unauth_destination
> >
> > /etc/postfix/sasl_list:
> > username1 OK
> > username3 OK
> >
> > With this, you only need to list the permitted users, there's no
> > need to list the rejects, these are handled by the required "default
> > deny" restriction at the end.
>
> But.... where is the "default deny" at the end?
reject_unauth_destination
> What am I missing/not seeing?
The "reject_unauth_destination" rejects all relay attempts, permitting
only inbound mail. If you allow inbound mail from anonymous users,
there's no point in blocking it from specific authenticated users.
--
Viktor.
