On 2019-11-19 05:59 GMT, Viktor Dukhovni wrote:
> On Mon, Nov 18, 2019 at 09:40:24PM +0000, Nick wrote:
>
> > Why did reject_unauth_destination (line 11) only take effect after the
> > probe (line 8, if that's what it is) and after check_policy_service
> > (line 10)?
>
> Because Postfix evaluates smtpd_relay_restrictions *after* it checks
> smtpd_recipient_restrictions.
postconf(5) says the opposite.
smtpd_recipient_restrictions (default: see postconf -d output)
Optional restrictions that the Postfix SMTP server applies in the
context of a client RCPT TO command, after smtpd_relay_restrictions.
smtpd_relay_restrictions (default: permit_mynetworks,
permit_sasl_authenticated, defer_unauth_destination)
Access restrictions for mail relay control that the Postfix SMTP
server applies in the context of the RCPT TO command, before
smtpd_recipient_restrictions.
> > Did smtpd_relay_restrictions apply only after
> > smtpd_recipient_restrictions?
>
> Yes.
If possible, when my server receives an unwanted relay attempt I would
prefer it did not make pointless queries to third parties. Can that
be accomplished?
--
Nick
