On 9/25/2017 3:28 AM, Benny Pedersen wrote:
grep bocek.org main.cf | wc -l
simple rule is that domain names is final destination for postfix, so if
you have bocek.org in mydestination AND in virtual_domain it does not
work as you want
So I need to receive email from bocek.org and then relay it elsewhere.
That's why I put that there. Is that wrong?
keep mydestination as minimal as possible, and then all public domains
as virtual you get more control of what happens, aswell for system
accouns that basicly should be in mydestination (tip here is that
domains in this lists cant be used in public)
to make system accounts works in public use virtual alias mapping
This part always confuses me in Postfix.
how ?
have you edit relay as suggested ?, if yes what error is there now ?
So I modified my recipient restrictions:
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/access,
check_helo_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/sender_access,
check_sender_access hash:/etc/postfix/sender_access,
permit_mynetworks,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unknown_helo_hostname
check_policy_service unix:postgrey/socket,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
#reject_unknown_sender_domain,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client dnsbl-2.uceprotect.net,
reject_rbl_client dnsbl-3.uceprotect.net,
reject_rbl_client b.barracudacentral.org,
reject_unlisted_recipient,
reject_unverified_recipient,
permit
by adding the sender_access lines. This seems to help. I realize I have
two check_recipient_access lines. Is this an issue.
