On 7/12/2018 12:29 PM, rog7...@web.de wrote: > Hello, > > I intend to protect some internal email distribution lists in a way, > which is described here: > > http://www.postfix.org/RESTRICTION_CLASS_README.html > > I would need to add "check_recipient_access ..." to the parameter > "smtpd_recipient_restrictions". The actual value of this parameter > in main.cf is: > > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > > "smtpd_relay_restrictions" is not explicitly defined in main.cf. But > it seems, that it has this default value (output from postconf): > > smtpd_relay_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > defer_unauth_destination > > It seems to me, that this configuration is somewhat redundant. I > assume, this would be a better configuration: > > smtpd_relay_restrictions = > permit_mynetworks > reject_unauth_destination > > smtpd_recipient_restrictions = > check_recipient_access hash:/etc/postfix/access > > Am I right? > > Regards, > Ingo
Yes, your simplified settings are fine. The reason for the seemingly redundant default settings: before the invention of smtpd_relay_restrictions all relay restrictions were expected to be in smtpd_recipient_restrictions. Some people with complicated recipient spam access controls were inadvertently creating open relays, so the developers added smtpd_relay_restrictions as a place dedicated to *only* relay checks, with a safe default. http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions -- Noel Jones
