Re: postconf -d smtpd_relay_restrictions

Thu, 06 Jan 2022 09:31:11 -0800 

On Thu, 2022-01-06 at 12:23 -0500, Wietse Venema wrote:
> Jim Popovitch:
> > This config produces the warning/error message:
> > 
> > mail_version = 3.6.3
> > smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} :
> > {permit_mynetworks, permit_sasl_authenticated,
> > defer_unauth_destination}}
> > smtpd_recipient_restrictions = check_client_access
> > cidr:/etc/postfix/check_client_access.cidr, reject_non_fqdn_sender,
> > reject_non_fqdn_recipient, reject_unknown_recipient_domain,
> > check_sender_access pcre:/etc/postfix/check_senders.pcre,
> > check_recipient_access pcre:/etc/postfix/check_recipients.pcre,
> > permit_auth_destination
> > compatibility_level = 0
> 
> Above, smtpd_relay_restrictions will be empty. This setting is
> backwards compatible with Postfix versions that did not have
> smtpd_relay_restrictions.
> 
> This triggers the error because smtpd_recipient_restrictions does
> not contain any of the features that are considered 'required'.
> 
>       ... specify at least one working
>       instance of: reject_unauth_destination, defer_unauth_destination,
>       reject, defer, defer_if_permit or check_relay_domains
> 
> > This config works, and does not produce the warning/error message:
> > 
> > mail_version = 3.6.3
> > smtpd_relay_restrictions = ${{$compatibility_level} <level {1} ? {} :
> > {permit_mynetworks, permit_sasl_authenticated,
> > defer_unauth_destination}}
> > smtpd_recipient_restrictions = check_client_access
> > cidr:/etc/postfix/check_client_access.cidr, reject_non_fqdn_sender,
> > reject_non_fqdn_recipient, reject_unknown_recipient_domain,
> > check_sender_access pcre:/etc/postfix/check_senders.pcre,
> > check_recipient_access pcre:/etc/postfix/check_recipients.pcre,
> > permit_auth_destination
> > compatibility_level = 3.6
> 
> Above, smtpd_relay_restrictions is non-empty (permit_mynetworks,
> permit_sasl_authenticated, defer_unauth_destination), and
> defer_unauth_destination is one of the features that are considered
> 'required'.
> 
> Mystery solved.

Correct. I ack'ed that yesterday in my response to Viktor.  Thanks for
confirming/validating this Wietse.

-Jim P.

Reply via email to