Hello everyone, I've been using Postfix for quite some time and recently have installed it in a container but am getting a small amount of relay spam through and a lot of mail errors to unknown addresses (which signaled me to the config issue). As part of the migration, postfix was updated from a much older version and I no longer have the source version I started from, but I am currently on 3.4.12.
I think what I would like is pretty simple, so perhaps my configuration is off or something but: -take mail in from internet for delivery only to local email addresses on this server (I have 3 total local addresses) -local addresses on this server can send mail to any address -local delivery is forwarded to a gmail account Forwarding and reception to gmail works fine. If there is an example that answers this particular scenario (I've googled all over for answers and failed for over a month now), I'd appreciate a link, perhaps I'm not asking or looking for the right solution. Appreciate any thoughts and ideas as well as time taken to look at this! -Pete postconf -n returns: command_directory = /usr/sbin compatibility_level = 2 daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 5 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X12R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 default_destination_recipient_limit = 2 default_extra_recipient_limit = 2 duplicate_filter_limit = 2 html_directory = /dev/null inet_interfaces = all inet_protocols = ipv4 mail_owner = postfix maillog_file = /tmp/log/mail.log maillog_file_prefixes = /tmp/log, var, /dev/stdout mailq_path = /usr/bin/mailq manpage_directory = /dev/null meta_directory = /etc/postfix mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = MY_DOMAIN.com myhostname = mail.MY_DOMAIN.com mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /dev/null relayhost = [smtp.gmail.com]:587 sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail shlib_directory = /usr/lib/postfix smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_tls_CApath = /etc/ssl/certs smtp_tls_security_level = may smtpd_client_connection_rate_limit = 2 smtpd_client_message_rate_limit = 2 smtpd_client_recipient_rate_limit = 2 smtpd_hard_error_limit = 3 smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname smtpd_recipient_limit = 2 smtpd_recipient_overshoot_limit = 3 smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, permit smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname, reject_unknown_sender_domain, reject_unknown_address, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_ciphers = high smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL smtpd_tls_mandatory_ciphers = high smtpd_tls_security_level = may tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256 tls_ssl_options = NO_COMPRESSION unknown_local_recipient_reject_code = 550
