On Wed, Jun 02, 2021 at 06:55:26PM +0200, Eric Smith wrote:

> My postfix ability has dissipated over many years without use :-(
> 
> I tried and am failing to REJECT an unwanted domain from accessing postfix 
> through this in main.cf
> 
>     smtpd_recipient_restrictions =
>         permit_mynetworks, 
>         permit_sasl_authenticated,
>         check_sender_access hash:/etc/postfix/sender_access,
>         reject_unauth_destination,

It is best to list "check_sender_access ..." *after*
"reject_unauth_destination":

    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access,

otherwise you risk open-relay accidents.  Basically put
"reject_unauth_destination" as early as possible in the restriction
list.

You may be protected by "smtpd_relay_restrictions", but if that's
explicitly set empty, "smtpd_recipient_restrictions" is your last line
of defense.

-- 
    Viktor.
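
The ordering risk described above, as an added example that is not part of the original message: a simplified Python model of first-match evaluation of smtpd_recipient_restrictions, run over both orderings. It assumes smtpd_relay_restrictions is empty and matches sender_access by domain only; all domains, map entries and helper names are constructed for illustration.

```python
# Simplified model of first-match evaluation in smtpd_recipient_restrictions.
# Assumes smtpd_relay_restrictions is empty, so this list is the only relay check.
# All domains and map entries are constructed for illustration.
LOCAL_DOMAINS = {"example.org"}        # domains this server accepts mail for
SENDER_ACCESS = {                      # stand-in for hash:/etc/postfix/sender_access
    "unwanted.example": "REJECT",
    "partner.example": "OK",           # a whitelist-style entry
}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check(restriction, s):
    """Return 'PERMIT', 'REJECT' or None (no decision, try the next one)."""
    if restriction == "permit_mynetworks":
        return "PERMIT" if s["in_mynetworks"] else None
    if restriction == "permit_sasl_authenticated":
        return "PERMIT" if s["sasl_authenticated"] else None
    if restriction == "reject_unauth_destination":
        return None if domain(s["rcpt"]) in LOCAL_DOMAINS else "REJECT"
    if restriction == "check_sender_access":
        action = SENDER_ACCESS.get(domain(s["sender"]))
        return {"OK": "PERMIT", "REJECT": "REJECT"}.get(action)
    raise ValueError(f"restriction not modelled: {restriction}")

def evaluate(restrictions, session):
    """Walk the list; the first restriction that decides ends the evaluation."""
    for r in restrictions:
        verdict = check(r, session)
        if verdict:
            return verdict, r
    return "PERMIT", "end of list"

ORIGINAL = ["permit_mynetworks", "permit_sasl_authenticated",
            "check_sender_access", "reject_unauth_destination"]
RECOMMENDED = ["permit_mynetworks", "permit_sasl_authenticated",
               "reject_unauth_destination", "check_sender_access"]

# Unauthenticated outside client. The envelope sender is supplied by the client
# and matches the OK entry; the recipient is not a domain this server handles.
relay_attempt = {"in_mynetworks": False, "sasl_authenticated": False,
                 "sender": "someone@partner.example", "rcpt": "user@elsewhere.example"}
blocked_sender = dict(relay_attempt, sender="x@unwanted.example", rcpt="user@example.org")

if __name__ == "__main__":
    for name, order in (("original", ORIGINAL), ("recommended", RECOMMENDED)):
        for label, s in (("relay attempt", relay_attempt), ("blocked sender", blocked_sender)):
            print(f"{name:12} {label:15} -> {evaluate(order, s)}")
```

With the original ordering an OK result from the sender map ends evaluation before the destination is checked, so the off-site recipient is accepted; with the recommended ordering the same session is rejected, and the REJECT for the unwanted domain works either way.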
