> By "local", I mean here the domains for which that particular server is the
> final destination, ie. the mail delivered locally and the server "knows"
> what to do with it.

I can't find anything more on what *local* is per the RFC, just that it must be defined. Based on that, I guess any argument to what should be local is outside the scope.

> Note that the term "delivered locally" is quite broad and may include
> *forwarding* the mail to other servers, eg. by aliases defined locally on
> the server. But still, the mail *is* delivered locally, it just happens to
> be delivered to an alias that forwards it elsewhere.
>
> In terms of Postfix, I interpret the term "local" in the meaning I used
> above as everything that is not in the default domain class (see
> http://www.postfix.org/ADDRESS_CLASS_README.html ), ie. all domains for
> which the server is configured to "handle" mail somehow. We can discuss if
> this description includes relay domain class, but it definitely (at least
> for me) includes local domain class, virtual alias domain class and virtual
> mailbox domain class.
>
> In the meaning above, yes. They are all hosted on that server, so they are
> local. The "operational" difference between local and non-local is simple
> for me:

"Operational" is an acceptable way of distinguishing this. If the RFC made any reference to "open relay", I could suggest it be revised to include definitions for local. "Traditionally local" would be the default but an optimized "operationally local" would be the preferred. It could very well be within scope if it was treated as "rules of the road", as is the point of this RFC. Senders and admins expect consistent and safe results when it comes to delivery. Section 7.1 exists but seems mostly to advise against misguided attempts to prevent spoofing.

> - mail for all local domains coming in on port 25 should be accepted (of
> course considering all usual restrictions - the recipient exists, the
> sending IP is not on a blacklist etc.)
>
> - mail for all non-local domains coming in on port 25 should be outright
> rejected with "Relay access denied" (or similar) message.
>
> There is no authenticated submission on port 25.

I do not see anything in the RFC explicitly prohibiting authenticated submission. (I will admit I have been somewhat using "authentication" and "authorization" interchangeably.) 7.1 does say that the inherent nature of SMTP cannot be authenticated (again, going back to that "misguided attempt to secure SMTP [leading to more problems]"). Perhaps because you could easily forge a submission as a relay?

On Tue, Apr 18, 2023 at 6:23 AM Jaroslaw Rafa via Postfix-users <postfix-users@postfix.org> wrote:

> On 17.04.2023 at 19:59:48, Tyler Montney via Postfix-users wrote:
> > And that's a definition I've been struggling with: What is *local* in
> > relation to SMTP?
>
> By "local", I mean here the domains for which that particular server is the
> final destination, ie. the mail delivered locally and the server "knows"
> what to do with it.
>
> Note that the term "delivered locally" is quite broad and may include
> *forwarding* the mail to other servers, eg. by aliases defined locally on
> the server. But still, the mail *is* delivered locally, it just happens to
> be delivered to an alias that forwards it elsewhere.
>
> In terms of Postfix, I interpret the term "local" in the meaning I used
> above as everything that is not in the default domain class (see
> http://www.postfix.org/ADDRESS_CLASS_README.html ), ie. all domains for
> which the server is configured to "handle" mail somehow. We can discuss if
> this description includes relay domain class, but it definitely (at least
> for me) includes local domain class, virtual alias domain class and virtual
> mailbox domain class.
>
> > What if I'm a managed service provider hosting email on Postfix? Are all my
> > customers considered local?
>
> In the meaning above, yes. They are all hosted on that server, so they are
> local.
> The "operational" difference between local and non-local is simple
> for me:
>
> - mail for all local domains coming in on port 25 should be accepted (of
> course considering all usual restrictions - the recipient exists, the
> sending IP is not on a blacklist etc.)
>
> - mail for all non-local domains coming in on port 25 should be outright
> rejected with "Relay access denied" (or similar) message.
>
> There is no authenticated submission on port 25.
> --
> Regards,
> Jaroslaw Rafa
> r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
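
Added example, not part of the original thread and not Postfix code: a simplified Python model of the local/non-local split discussed above, mapping a recipient domain to its address class and to the port 25 relay decision for an unauthenticated client. The sample settings and domain names are constructed placeholders; only exact domain names are matched (no lookup tables, $parameter expansion or subdomain matching), and the 554 reply code is assumed to be the stock reject code.

```python
# Constructed `postconf -n` style sample; every domain is a placeholder.
SAMPLE_POSTCONF = """\
mydestination = mail.example.com, localhost
virtual_alias_domains = customer-a.example
virtual_mailbox_domains = customer-b.example, customer-c.example
relay_domains = backup-mx.example
"""

# Postfix parameter -> address class name used in ADDRESS_CLASS_README.
CLASS_PARAMS = {
    "mydestination": "local",
    "virtual_alias_domains": "virtual alias",
    "virtual_mailbox_domains": "virtual mailbox",
    "relay_domains": "relay",
}


def parse_postconf(text):
    """Map each listed domain to its address class (exact names only)."""
    classes = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        cls = CLASS_PARAMS.get(name.strip())
        if not sep or cls is None:
            continue  # not one of the four domain-list parameters
        for domain in value.replace(",", " ").split():
            # Keep the first class seen; a domain should be in one class only.
            classes.setdefault(domain.lower(), cls)
    return classes


def address_class(recipient, classes):
    """Class of a fully qualified recipient; 'default' if nothing matches."""
    domain = recipient.rpartition("@")[2].lower()
    return classes.get(domain, "default")


def port25_decision(recipient, classes):
    """Relay check for an unauthenticated client outside mynetworks.

    250 only means the relay check passed; recipient validation and
    blocklist checks still apply afterwards.
    """
    cls = address_class(recipient, classes)
    if cls == "default":
        return (554, "5.7.1 Relay access denied")
    return (250, "accepted for the " + cls + " domain class")
```

Running it against the real output of `postconf -n` shows which hosted domains the model treats as handled on that server and which recipients would be refused as relay attempts.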