On 8/1/2020 8:43 AM, Wietse Venema wrote:
deoren:
Hi,
I'm likely overlooking this (I'm still digging), but do the restrictions
in smtpd_relay_restrictions apply before the rewriting configured for
canonical_maps takes place?
Before. The smtpd_mumble_restrictions peek at the canonical and
virtual maps to determine if the before-rewriting address could match.
The actual rewriting happens later, in the cleanup daemon.
Thanks for that pointer, I'll look further in that direction.
I'm trying to rewrite the sender address for a system before its mail is
relayed and it appears that the reject_non_fqdn_sender restriction is
applying before the rewrite can be completed. I assume I'm just doing
something wrong, but wanted to double-check on the timing/ordering
before I continued to troubleshoot much further.
If the system is allowed to relay (definition: send mail through a
Postfix server to remote destinations) then it should not be subject
to reject_non_fqdn_sender and such.
Fair point.
We had a good bit of abuse on a web form a number of years back which
generated some garbage sender values. To help prevent that spam from
leaving our relays, we dropped in the reject_non_fqdn_sender restriction
and that helped until the root cause (since fixed) could be eliminated.
We've found that having the directive in place helps flag
systems/software with misconfigured settings.
