Nick wrote:
But postconf(5) says "smtpd_recipient_restrictions ... applies in the
context of a client RCPT TO command, after smtpd_relay_restrictions."
If smtpd_relay_restrictions applies first, why didn't its
reject_unauth_destination cause rejection before anything in
smtpd_recipient_restrictions was consulted?
Sorry, I did not see that part of your question.
Viktor Dukhovni wrote:
Sadly, the implementation changed without a documentation update.
Perhaps there were competing interests dependent on the evaluation
order, and issuing better backwards compatibility warnings prevailed?
I agree that the documented order seems more optimal otherwise.
This should really be fixed. SMTPD_ACCESS_README (five times),
ADDRESS_VERIFICATION_README and RESTRICTION_CLASS_README specify that
"reject_unauth_destination is not needed here [= in
smtpd_recipient_restrictions] if the mail relay policy is specified under
smtpd_relay_restrictions".
Gregory
