On Thu, 2022-01-06 at 11:32 -0500, Wietse Venema wrote:
> Jim Popovitch:
> > On Thu, 2022-01-06 at 22:29 +1100, Viktor Dukhovni wrote:
> > > 
> > > 
> > > Removing the compatibility_level setting entirely could introduce
> > > the reported symptoms, if "smtpd_recipient_restrictions" doesn't
> > > have any of the "default deny" rules, and relies on the relay
> > > restrictions to prevent relay abuse.
> > 
> > That's interesting.
> > 
> > Testing this AM...
> > 
> > Setting compatibility_level=2 doesn't reproduce the error message.
> > 
> > Removing the compatibility_level entirely does reintroduce the error
> > message (once per every inbound connection):
> > 
> >   fatal: in parameter smtpd_relay_restrictions or
> >      smtpd_recipient_restrictions, specify at least one working
> >      instance of: reject_unauth_destination, defer_unauth_destination,
> >      reject, defer, defer_if_permit or check_relay_domains
> > 
> > The message is accurate as I do not have any instance of those settings
> > in smtpd_recipient_restrictions, however I do have
> > permit_auth_destination set.
> 
> Could we have all the necessary info to reproduce this in one email message?
> 
> For both compatibility level settings:
> 
> postconf mail_version smtpd_relay_restrictions smtpd_recipient_restrictions compatibility_level
> 
>       Wietse

This config produces the warning/error message:

mail_version = 3.6.3
smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} :
{permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination}}
smtpd_recipient_restrictions = check_client_access
cidr:/etc/postfix/check_client_access.cidr, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
check_sender_access pcre:/etc/postfix/check_senders.pcre,
check_recipient_access pcre:/etc/postfix/check_recipients.pcre,
permit_auth_destination
compatibility_level = 0

This config works, and does not produce the warning/error message:

mail_version = 3.6.3
smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} :
{permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination}}
smtpd_recipient_restrictions = check_client_access
cidr:/etc/postfix/check_client_access.cidr, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
check_sender_access pcre:/etc/postfix/check_senders.pcre,
check_recipient_access pcre:/etc/postfix/check_recipients.pcre,
permit_auth_destination
compatibility_level = 3.6


This is on Debian/Bookworm

hth,

-Jim P.
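
The difference between the two listings above can be checked offline. This Python sketch is an added example, not part of the original message or of Postfix: it expands the smtpd_relay_restrictions conditional for a given compatibility_level and reports which rule names from the fatal message remain. The function names are hypothetical, and it tests only for the presence of a rule name, which simplifies Postfix's own "working instance" check.

```python
import re

# Rule names copied from the fatal message quoted in the thread.
DEFAULT_DENY = {"reject_unauth_destination", "defer_unauth_destination",
                "reject", "defer", "defer_if_permit", "check_relay_domains"}

# Matches only the "<level" conditional form shown in the postconf output.
COND = re.compile(r"\$\{\{\$compatibility_level\}\s*<level\s*\{([^}]*)\}\s*\?"
                  r"\s*\{([^}]*)\}\s*:\s*\{([^}]*)\}\}")

# The two parameter values from the message (identical in both listings).
RELAY = """${{$compatibility_level} <level {1} ? {} :
{permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination}}"""
RECIPIENT = """check_client_access
cidr:/etc/postfix/check_client_access.cidr, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
check_sender_access pcre:/etc/postfix/check_senders.pcre,
check_recipient_access pcre:/etc/postfix/check_recipients.pcre,
permit_auth_destination"""

def level(text):
    """Turn '3.6' or '0' into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def expand(value, compat):
    """Resolve the conditional for one compatibility_level setting."""
    def pick(m):
        return m.group(2) if level(compat) < level(m.group(1)) else m.group(3)
    return COND.sub(pick, value)

def relay_guards(relay, recipient, compat="0"):
    """Default-deny rules present after expansion. An empty result is the
    condition the fatal message reports. compat defaults to 0, the value
    postconf shows in the message once the setting is removed."""
    found = set()
    for value in (relay, recipient):
        tokens = re.split(r"[,\s]+", expand(value, compat))
        found |= DEFAULT_DENY.intersection(tokens)
    return found

if __name__ == "__main__":
    for compat in ("0", "3.6"):
        print(compat, sorted(relay_guards(RELAY, RECIPIENT, compat)) or "NONE")
```

At level 0 the relay list expands to nothing and the recipient list ends in permit_auth_destination with no deny rule after it, so the result is empty; at 3.6 defer_unauth_destination is present.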