Re: Problem with configuring postfix to send a Successful Mail Delivery Report.

2014-04-29 Thread johan van der merwe
On Mon, Apr 28, 2014 at 1:18 PM, Wietse Venema wrote:

> johan van der merwe:
> > Hi All,
> >
> > I have a problem with configuring my postfix to send a Successful Mail
> > Delivery Report.
> > The Undelivered Mail Returned to Sender works fine.
>
> "Does not work" is not sufficient. What sendmail command-line option
> did you use, or what SMTP protocol option did you specify to request
> successful delivery notification?
>
I used the lmtp protocol as above:
 lmtp  unix  -   -   -   -   -   lmtp


>
> Wietse
>


Re: Problems with local mail delivery

2014-04-29 Thread Sebastian
Viktor:
> Your multi-jail design is necessarily rather complex, and requires
> attention to detail to get right.  A simpler design may be a better
> idea.

Well to be honest, I used a book by Benedikt Nießen ( www.serverzeit.de )
to get to where I am now. I guess now it's up to me to find out where I
shot myself in the foot so to speak.

If anyone else is familiar with the book or the ins and outs of using that
design on FreeBSD 10, I'd be glad to hear from you.

Thank you all for being there to help me.


Sebastian



Re: Problems with local mail delivery

2014-04-29 Thread Viktor Dukhovni
On Tue, Apr 29, 2014 at 12:24:23PM +0200, Sebastian wrote:
> Viktor:
> > Your multi-jail design is necessarily rather complex, and requires
> > attention to detail to get right.  A simpler design may be a better
> > idea.
> 
> Well to be honest, I used a book by Benedikt Nießen ( www.serverzeit.de )
> to get to where I am now. I guess now it's up to me to find out where I
> shot myself in the foot so to speak.

Your main challenge is to ensure that any required forwarding of
mail between jails does not run into loop detection or IP address
conflicts.

If each jail is to be thought of as a separate machine, that just
happens to run on the same set of CPUs and physical network
interfaces, and if these machines are supposed to be able to send
email to each other via SMTP because they host distinct domains,
then you need:

- A distinct FQDN $myhostname for each jail that receives email
  via SMTP, that is different from that of all other jails
  (even those that only send, but don't receive SMTP messages).

  Each jail's $myorigin and $mydomain need to be set appropriately,
  to handle mail for unqualified users and hosts.  You'll need
  postmaster aliases, and perhaps also aliases for root, and
  any accounts of jailed services that you want to read in one
  place.  The jail's $myorigin (domain of shell user accounts)
  may well be "owned" by another jail.

- A unique set of network addresses as "inet_interfaces" for
  each jail.

- Appropriate forward/reverse mappings in DNS for each jail's
  network addresses and any MX records for associated domains.

This is all doable, but requires some care to make sure that no
inappropriate evidence of the jails sharing the same hardware
breaks the illusion of separate machines.

-- 
Viktor.


Re: Problems with local mail delivery

2014-04-29 Thread Wietse Venema
Viktor Dukhovni:
> On Tue, Apr 29, 2014 at 12:24:23PM +0200, Sebastian wrote:
> > Viktor:
> > > Your multi-jail design is necessarily rather complex, and requires
> > > attention to detail to get right.  A simpler design may be a better
> > > idea.
> > 
> > Well to be honest, I used a book by Benedikt Nießen ( www.serverzeit.de )
> > to get to where I am now. I guess now it's up to me to find out where I
> > shot myself in the foot so to speak.
> 
> Your main challenge is to ensure that any required forwarding of
> mail between jails does not run into loop detection or IP address
> conflicts.
> 
> If each jail is to be thought of as a separate machine, that just
> happens to run on the same set of CPUs and physical network
> interfaces, and if these machines are supposed to be able to send
> email to each other via SMTP because they host distinct domains,
> then you need:
> 
> - A distinct FQDN $myhostname for each jail that receives email
>   via SMTP, that is different from that of all other jails
>   (even those that only send, but don't receive SMTP messages).
> 
>   Each jail's $myorigin and $mydomain need to be set appropriately,
>   to handle mail for unqualified users and hosts.  You'll need
>   postmaster aliases, and perhaps also aliases for root, and
>   any accounts of jailed services that you want to read in one
>   place.  The jail's $myorigin (domain of shell user accounts)
>   may well be "owned" by another jail.
> 
> - A unique set of network addresses as "inet_interfaces" for
>   each jail.
> 
> - Appropriate forward/reverse mappings in DNS for each jail's
>   network addresses and any MX records for associated domains.
> 
> This is all doable, but requires some care to make sure that no
> inappropriate evidence of the jails sharing the same hardware
> breaks the illusion of separate machines.

Additionally, appropriate inet_interfaces settings for the "global"
environment (i.e. non-jail) so that it does not listen on all IP
addresses (which is the Postfix default).

This may not be an issue anymore, but it was an issue with early
jail implementations where the default Postfix inet_interfaces
setting would listen on the IP addresses of jailed environments.

Wietse
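The checklist from Viktor's and Wietse's messages above, turned into an offline audit (an added example, not code from the thread): it compares `postconf -n` output collected from the host and each jail and reports shared `myhostname` values, overlapping `inet_interfaces`, and instances still listening on all addresses. The labels, hostnames and 192.0.2.x addresses are constructed, and skipping loopback addresses in the overlap check is an assumption of this example.

```python
import ipaddress


def parse_postconf(text):
    """Parse `postconf -n` style 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip()
    return conf


def listen_addresses(conf):
    """Addresses named in inet_interfaces, or None when it is 'all'.
    `postconf -n` omits defaults, so a missing parameter means 'all'."""
    tokens = conf.get("inet_interfaces", "all").replace(",", " ").split()
    if "all" in tokens:
        return None
    addrs = set()
    for tok in tokens:
        try:
            addrs.add(ipaddress.ip_address(tok.strip("[]")))
        except ValueError:
            pass  # hostname or "loopback-only": not resolved offline
    return addrs


def audit(instances):
    """instances maps a label to postconf text; returns a list of findings."""
    findings, seen_host, seen_addr = [], {}, {}
    for label, text in instances.items():
        conf = parse_postconf(text)
        host = conf.get("myhostname", "").lower()
        if not host:
            findings.append(f"{label}: myhostname not set explicitly")
        elif host in seen_host:
            findings.append(
                f"{label}: myhostname {host} also used by {seen_host[host]}")
        else:
            seen_host[host] = label
        addrs = listen_addresses(conf)
        if addrs is None:
            findings.append(f"{label}: inet_interfaces is 'all' (Postfix default)")
            continue
        for addr in sorted(addrs, key=str):
            if addr.is_loopback:
                continue  # assumption: loopback is private to each instance
            if addr in seen_addr:
                findings.append(f"{label}: {addr} also claimed by {seen_addr[addr]}")
            else:
                seen_addr[addr] = label
    return findings


# Constructed sample input: the host plus two jails.
SAMPLE = {
    "host": "myhostname = host.example.com\n",
    "jail-mx": "myhostname = mx.example.com\ninet_interfaces = 192.0.2.10\n",
    "jail-web": "myhostname = mx.example.com\n"
                "inet_interfaces = 192.0.2.10, 192.0.2.11\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```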


Re: Problem with configuring postfix to send a Successful Mail Delivery Report.

2014-04-29 Thread Wietse Venema
johan van der merwe:
> On Mon, Apr 28, 2014 at 1:18 PM, Wietse Venema wrote:
> > johan van der merwe:
> > > Hi All,
> > >
> > > I have a problem with configuring my postfix to send a Successful Mail
> > > Delivery Report.
> > > The Undelivered Mail Returned to Sender works fine.
> >
> > "Does not work" is not sufficient. What sendmail command-line option
> > did you use, or what SMTP protocol option did you specify to request
> > successful delivery notification?
> >
> I used the lmtp protocol as above:
>  lmtp  unix  -   -   -   -   -   lmtp

"Success" notifications are requested by the email sender.
They ARE NOT automatically sent for all email.

What option did you as the email sender specify on the command line?

What RCPT TO parameter did you as the email sender specify in the
SMTP mail transaction?

Wietse
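How a sender asks for a success notification, as an added example that is not from the thread: with Postfix's sendmail(1) the request is the `-N success` option, and over SMTP it is the RFC 3461 `NOTIFY=SUCCESS` parameter on `RCPT TO`, which this Python code builds and passes through `smtplib`. The function names and the sample addresses are made up for illustration.

```python
import smtplib

# NOTIFY keywords defined by RFC 3461, section 4.1.
_NOTIFY = {"SUCCESS", "FAILURE", "DELAY", "NEVER"}


def xtext(value):
    """Encode a string as RFC 3461 xtext: '+', '=' and every byte outside
    printable ASCII 33..126 becomes +XX (uppercase hex)."""
    out = []
    for byte in value.encode("utf-8"):
        if 33 <= byte <= 126 and byte not in (0x2B, 0x3D):
            out.append(chr(byte))
        else:
            out.append("+%02X" % byte)
    return "".join(out)


def dsn_rcpt_options(recipient, notify=("SUCCESS", "FAILURE")):
    """Return the ESMTP parameters to append to RCPT TO for one recipient."""
    wanted = [n.upper() for n in notify]
    unknown = set(wanted) - _NOTIFY
    if unknown:
        raise ValueError("unknown NOTIFY value(s): %s" % sorted(unknown))
    if "NEVER" in wanted and len(wanted) > 1:
        raise ValueError("NEVER cannot be combined with other NOTIFY values")
    # ORCPT preserves the original recipient across rewriting and forwarding.
    return ["NOTIFY=" + ",".join(wanted), "ORCPT=rfc822;" + xtext(recipient)]


def send_with_dsn(host, sender, recipient, message,
                  notify=("SUCCESS", "FAILURE")):
    """Submit one message and request DSNs; refuse if DSN is not offered."""
    with smtplib.SMTP(host) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("dsn"):
            raise RuntimeError("server does not advertise the DSN extension")
        # RET=HDRS asks for headers only (not the full message) in the report.
        return smtp.sendmail(sender, [recipient], message,
                             mail_options=["RET=HDRS"],
                             rcpt_options=dsn_rcpt_options(recipient, notify))


if __name__ == "__main__":
    # Constructed address; prints the parameters without contacting a server.
    print("RCPT TO:<user@example.com> "
          + " ".join(dsn_rcpt_options("user@example.com", ("SUCCESS",))))
```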


Need help with relayhost

2014-04-29 Thread leam hall
As root on my new relayhost I can send mail to m...@example.com. Mail
goes through another relay and then hits our system. Using Postfix
2.6.6. on RHEL 6.

I have configured a client to send mail through the new relayhost. The
mail gets to the relayhost's maillog with about 16 connect/disconnects
and stanzas like

connect from unknown[3.4.5.6]
client=unknown[3.4.5.6]
from=<>, size=11652, nrcpt=1 (queue active)
disconnect from unknown[3.4.5.6]
to=, relay=9.8.7.6, delay=0.08,
delays=0.06/0/0/0.02, dsn=2.0.0, status=sent  (250 2.0.0 Ok: queued as
ABCD1234
ABCD1234: removed

What I don't get is why the from is blank and the to is root@relayhost
instead of m...@example.com. Of course, why there are 16 or so stanzas
like this confuses me as well.

Thoughts?

Leam

-- 
Mind on a Mission


Re: Need help with relayhost

2014-04-29 Thread leam hall
Here are the changes I've made to /etc/postfix/main.cf

mydomain = example.com
myorigin = $myhostname
inet_interfaces = 1.2.3.4, 127.0.0.1
inet_protocols = ipv4
# $mydestination
local_recipient_maps =
mynetworks = 1.2.3.0/28, 3.4.5.6, 127.0.0.0/8
relayhost = 9.8.7.6

It seems like the relayhost is keeping the mail for himself. The target user
does not exist on the relayhost or the client.

On Tue, Apr 29, 2014 at 12:47 PM, leam hall wrote:
> As root on my new relayhost I can send mail to m...@example.com. Mail
> goes through another relay and then hits our system. Using Postfix
> 2.6.6. on RHEL 6.
>
> I have configured a client to send mail through the new relayhost. The
> mail gets to the relayhost's maillog with about 16 connect/disconnects
> and stanzas like
>
> connect from unknown[3.4.5.6]
> client=unknown[3.4.5.6]
> from=<>, size=11652, nrcpt=1 (queue active)
> disconnect from unknown[3.4.5.6]
> to=, relay=9.8.7.6, delay=0.08,
> delays=0.06/0/0/0.02, dsn=2.0.0, status=sent  (250 2.0.0 Ok: queued as
> ABCD1234
> ABCD1234: removed
>
> What I don't get is why the from is blank and the to is root@relayhost
> instead of m...@example.com. Of course, why there are 16 or so stanzas
> like this confuses me as well.
>
> Thoughts?
>
> Leam
>
> --
> Mind on a Mission



-- 
Mind on a Mission


Re: Need help with relayhost

2014-04-29 Thread Wietse Venema
leam hall:
> > As root on my new relayhost I can send mail to m...@example.com. Mail
> > goes through another relay and then hits our system. Using Postfix
> > 2.6.6. on RHEL 6.
> >
> > I have configured a client to send mail through the new relayhost. The
> > mail gets to the relayhost's maillog with about 16 connect/disconnects
> > and stanzas like
> >
> > connect from unknown[3.4.5.6]
> > client=unknown[3.4.5.6]
> > from=<>, size=11652, nrcpt=1 (queue active)

The client [3.4.5.6] is reporting a mail delivery error.

> What I don't get is why the from is blank and the to is root@relayhost

That's because the client [3.4.5.6] is reporting a mail delivery
error.

To find out why the client [3.4.5.6] reports a delivery error, look
in the mail logfile on the client.

Wietse


Re: Need help with relayhost

2014-04-29 Thread leam hall
It looks like the upstream relay (9.8.7.6) is trying to contact the
client. Does Postfix need DNS to resolve mail to be forwarded?


Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767: from=root,
size=47, class=0, nrcpts=1,
msgid=<201404291937.s3tjbqgq015...@client.example.com>
, relay=root@localhost
Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767: from=root,
size=47, class=0, nrcpts=1,
msgid=<201404291937.s3tjbqgq015...@client.example.com>
, relay=root@localhost
Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
to=l...@example.com, ctladdr=root (0/0), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=3
0047, relay=2.3.4.5, dsn=5.1.2, stat=Host unknown (Name server:
2.3.4.5: host not found)
Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
to=l...@example.com, ctladdr=root (0/0), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=3
0047, relay=2.3.4.5, dsn=5.1.2, stat=Host unknown (Name server:
2.3.4.5: host not found)
Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
s3TJbQGR015767: DSN: Host unknown (Name server: 2.3.4.5: host not
found)
Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
s3TJbQGR015767: DSN: Host unknown (Name server: 2.3.4.5: host not
found)
Apr 29 15:37:26 client postfix/smtpd[15771]: connect from
localhost.localdomain[127.0.0.1]
Apr 29 15:37:26 client postfix/smtpd[15771]: connect from
localhost.localdomain[127.0.0.1]
Apr 29 15:37:26 client postfix/smtpd[15771]: E7506300039:
client=localhost.localdomain[127.0.0.1]
Apr 29 15:37:26 client postfix/smtpd[15771]: E7506300039:
client=localhost.localdomain[127.0.0.1]
Apr 29 15:37:26 client postfix/cleanup[15773]: E7506300039:
message-id=<201404291937.s3tjbqgr015...@client.example.com>
Apr 29 15:37:26 client postfix/cleanup[15773]: E7506300039:
message-id=<201404291937.s3tjbqgr015...@client.example.com>
Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: from=<>,
size=2255, nrcpt=1 (queue active)
Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: from=<>,
size=2255, nrcpt=1 (queue active)
Apr 29 15:37:27 client sendmail[15767]: s3TJbQGR015767: to=root,
delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31071,
relay=[127.0.0.1] [127.0.0
.1], dsn=2.0.0, stat=Sent (Ok: queued as E7506300039)
Apr 29 15:37:27 client sendmail[15767]: s3TJbQGR015767: to=root,
delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31071,
relay=[127.0.0.1] [127.0.0
.1], dsn=2.0.0, stat=Sent (Ok: queued as E7506300039)
Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 29 15:37:27 client postfix/smtp[15774]: E7506300039:
to=, relay=2.3.4.5[2.3.4.5]:25, delay=0.19,
delays=0.07/0.01/0.02/0
.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 36D5B1E02AE)
Apr 29 15:37:27 client postfix/smtp[15774]: E7506300039:
to=, relay=2.3.4.5[2.3.4.5]:25, delay=0.19,
delays=0.07/0.01/0.02/0
.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 36D5B1E02AE)
Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: removed
Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: removed
Apr 29 15:37:27 client postfix/smtpd[15771]: connect from unknown[9.8.7.6]
Apr 29 15:37:27 client postfix/smtpd[15771]: connect from unknown[9.8.7.6]
Apr 29 15:37:27 client postfix/smtpd[15771]: 33862300039:
client=unknown[9.8.7.6]
Apr 29 15:37:27 client postfix/smtpd[15771]: 33862300039:
client=unknown[9.8.7.6]
Apr 29 15:37:27 client postfix/cleanup[15773]: 33862300039:
message-id=<201404291937.s3tjbqgr015...@client.example.com>
Apr 29 15:37:27 client postfix/cleanup[15773]: 33862300039:
message-id=<201404291937.s3tjbqgr015...@client.example.com>
Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from unknown[9.8.7.6]
Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from unknown[9.8.7.6]

On Tue, Apr 29, 2014 at 1:21 PM, Wietse Venema wrote:
> leam hall:
>> > As root on my new relayhost I can send mail to m...@example.com. Mail
>> > goes through another relay and then hits our system. Using Postfix
>> > 2.6.6. on RHEL 6.
>> >
>> > I have configured a client to send mail through the new relayhost. The
>> > mail gets to the relayhost's maillog with about 16 connect/disconnects
>> > and stanzas like
>> >
>> > connect from unknown[3.4.5.6]
>> > client=unknown[3.4.5.6]
>> > from=<>, size=11652, nrcpt=1 (queue active)
>
> The client [3.4.5.6] is reporting a mail delivery error.
>
>> What I don't get is why the from is blank and the to is root@relayhost
>
> That's because the client [3.4.5.6] is reporting a mail delivery
> error.
>
> To find out why the client [3.4.5.6] reports a delivery error, look
> in the mail logfile on the client.
>
> Wietse



-- 
Mind on a Mission


Re: Need help with relayhost

2014-04-29 Thread li...@rhsoft.net


On 29.04.2014 21:52, leam hall wrote:
> It looks like the upstream relay (9.8.7.6) is trying to contact the
> client. Does Postfix need DNS to resolve mail to be forwarded?

yes until you do not have fixed transports
how else should it resolve the destination?

> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767: from=root,
> size=47, class=0, nrcpts=1,
> msgid=<201404291937.s3tjbqgq015...@client.example.com>
> , relay=root@localhost
> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767: from=root,
> size=47, class=0, nrcpts=1,
> msgid=<201404291937.s3tjbqgq015...@client.example.com>
> , relay=root@localhost
> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
> to=l...@example.com, ctladdr=root (0/0), delay=00:00:00,
> xdelay=00:00:00, mailer=relay, pri=3
> 0047, relay=2.3.4.5, dsn=5.1.2, stat=Host unknown (Name server:
> 2.3.4.5: host not found)
> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
> to=l...@example.com, ctladdr=root (0/0), delay=00:00:00,
> xdelay=00:00:00, mailer=relay, pri=3
> 0047, relay=2.3.4.5, dsn=5.1.2, stat=Host unknown (Name server:
> 2.3.4.5: host not found)
> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
> s3TJbQGR015767: DSN: Host unknown (Name server: 2.3.4.5: host not
> found)
> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
> s3TJbQGR015767: DSN: Host unknown (Name server: 2.3.4.5: host not
> found)
> Apr 29 15:37:26 client postfix/smtpd[15771]: connect from
> localhost.localdomain[127.0.0.1]
> Apr 29 15:37:26 client postfix/smtpd[15771]: connect from
> localhost.localdomain[127.0.0.1]
> Apr 29 15:37:26 client postfix/smtpd[15771]: E7506300039:
> client=localhost.localdomain[127.0.0.1]
> Apr 29 15:37:26 client postfix/smtpd[15771]: E7506300039:
> client=localhost.localdomain[127.0.0.1]
> Apr 29 15:37:26 client postfix/cleanup[15773]: E7506300039:
> message-id=<201404291937.s3tjbqgr015...@client.example.com>
> Apr 29 15:37:26 client postfix/cleanup[15773]: E7506300039:
> message-id=<201404291937.s3tjbqgr015...@client.example.com>
> Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: from=<>,
> size=2255, nrcpt=1 (queue active)
> Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: from=<>,
> size=2255, nrcpt=1 (queue active)
> Apr 29 15:37:27 client sendmail[15767]: s3TJbQGR015767: to=root,
> delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31071,
> relay=[127.0.0.1] [127.0.0
> .1], dsn=2.0.0, stat=Sent (Ok: queued as E7506300039)
> Apr 29 15:37:27 client sendmail[15767]: s3TJbQGR015767: to=root,
> delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31071,
> relay=[127.0.0.1] [127.0.0
> .1], dsn=2.0.0, stat=Sent (Ok: queued as E7506300039)
> Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from
> localhost.localdomain[127.0.0.1]
> Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from
> localhost.localdomain[127.0.0.1]
> Apr 29 15:37:27 client postfix/smtp[15774]: E7506300039:
> to=, relay=2.3.4.5[2.3.4.5]:25, delay=0.19,
> delays=0.07/0.01/0.02/0
> .08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 36D5B1E02AE)
> Apr 29 15:37:27 client postfix/smtp[15774]: E7506300039:
> to=, relay=2.3.4.5[2.3.4.5]:25, delay=0.19,
> delays=0.07/0.01/0.02/0
> .08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 36D5B1E02AE)
> Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: removed
> Apr 29 15:37:27 client postfix/qmgr[8727]: E7506300039: removed
> Apr 29 15:37:27 client postfix/smtpd[15771]: connect from unknown[9.8.7.6]
> Apr 29 15:37:27 client postfix/smtpd[15771]: connect from unknown[9.8.7.6]
> Apr 29 15:37:27 client postfix/smtpd[15771]: 33862300039:
> client=unknown[9.8.7.6]
> Apr 29 15:37:27 client postfix/smtpd[15771]: 33862300039:
> client=unknown[9.8.7.6]
> Apr 29 15:37:27 client postfix/cleanup[15773]: 33862300039:
> message-id=<201404291937.s3tjbqgr015...@client.example.com>
> Apr 29 15:37:27 client postfix/cleanup[15773]: 33862300039:
> message-id=<201404291937.s3tjbqgr015...@client.example.com>
> Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from unknown[9.8.7.6]
> Apr 29 15:37:27 client postfix/smtpd[15771]: disconnect from unknown[9.8.7.6]
> 
> On Tue, Apr 29, 2014 at 1:21 PM, Wietse Venema wrote:
>> leam hall:
>>>> As root on my new relayhost I can send mail to m...@example.com. Mail
>>>> goes through another relay and then hits our system. Using Postfix
>>>> 2.6.6. on RHEL 6.
>>>>
>>>> I have configured a client to send mail through the new relayhost. The
>>>> mail gets to the relayhost's maillog with about 16 connect/disconnects
>>>> and stanzas like
>>>>
>>>> connect from unknown[3.4.5.6]
>>>> client=unknown[3.4.5.6]
>>>> from=<>, size=11652, nrcpt=1 (queue active)
>>
>> The client [3.4.5.6] is reporting a mail delivery error.
>>
>>> What I don't get is why the from is blank and the to is root@relayhost
>>
>> That's because the client [3.4.5.6] is reporting a mail delivery
>> error.
>>
>> To find out why the client [3.4.5.6] reports a delivery error, look
>> in the mail logfile on the clie

Re: Need help with relayhost

2014-04-29 Thread Wietse Venema
leam hall:
> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
> s3TJbQGR015767: DSN: Host unknown (Name server: 2.3.4.5: host not
> found)

That is Sendmail not Postfix. It is unable to deliver some mail.

> Apr 29 15:37:26 client postfix/smtpd[15771]: connect from
> localhost.localdomain[127.0.0.1]

That is Postfix. It is receiving a "delivery error report"
from Sendmail.

This machine runs both Postfix and Sendmail. You need to fix that
first. How? That depends on the OS distribution that you are using.

Wietse
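The two signals Wietse reads out of the log above (a host where both Sendmail and Postfix are logging, and null-sender `from=<>` messages that are delivery error reports) can be pulled out mechanically; this is an added example, not code from the thread. The log lines are constructed to resemble the ones posted, with made-up queue IDs and 192.0.2.x addresses, and treating the program names `sendmail` and `sm-mta` as Sendmail is an assumption.

```python
import re
from collections import defaultdict

# Classic syslog prefix: "Apr 29 15:37:26 host program[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
                  r"(?P<prog>[\w./-]+)\[\d+\]:\s(?P<msg>.*)$")


def mta_family(prog):
    """Map a syslog program name to the MTA that wrote the line."""
    if prog.startswith("postfix/"):
        return "postfix"
    if prog in ("sendmail", "sm-mta"):
        return "sendmail"
    return None


def triage(lines):
    """Report hosts running more than one MTA and the bounce traffic seen."""
    mtas = defaultdict(set)
    null_sender, sendmail_dsn = [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        family = mta_family(m["prog"])
        if family is None:
            continue
        mtas[m["host"]].add(family)
        msg = m["msg"]
        if family == "postfix" and "from=<>" in msg:
            # Null envelope sender: a bounce or other DSN, not user mail.
            null_sender.append((m["host"], msg.split(":", 1)[0]))
        elif family == "sendmail" and ": DSN: " in msg:
            sendmail_dsn.append((m["host"], msg.split(": DSN: ", 1)[1]))
    return {
        "multi_mta_hosts": sorted(h for h, f in mtas.items() if len(f) > 1),
        "null_sender": null_sender,
        "sendmail_dsn": sendmail_dsn,
    }


# Constructed sample log (unwrapped, one entry per line).
SAMPLE_LOG = """\
Apr 29 15:37:26 client sendmail[101]: q1: to=user@example.com, relay=192.0.2.5, dsn=5.1.2, stat=Host unknown (Name server: 192.0.2.5: host not found)
Apr 29 15:37:26 client sendmail[101]: q1: q2: DSN: Host unknown (Name server: 192.0.2.5: host not found)
Apr 29 15:37:26 client postfix/smtpd[102]: connect from localhost.localdomain[127.0.0.1]
Apr 29 15:37:27 client postfix/qmgr[103]: ABCDEF0001: from=<>, size=2255, nrcpt=1 (queue active)
Apr 29 15:37:27 relay postfix/qmgr[200]: ABCDEF0002: from=<root@client.example.com>, size=500, nrcpt=1 (queue active)
""".splitlines()

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```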


exclude client from smtpd_tls_security_level = encrypt

2014-04-29 Thread btb
i have an msa, which requires encryption and smtp auth, save one sole 
exception - a client which [for now] cannot perform either, that i must 
explicitly trust based only on source ip address.  to that end, i've 
allowed it to perform submission with check_client_access, but i'm left 
at odds with smtpd_tls_security_level = encrypt.  i'd like to say 
"smtpd_tls_security_level = encrypt, with this exception".  something 
akin to smtp_tls_policy_maps, but for smtpd?


for the moment, i've done

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

which suffices, but not quite in the manner that i'd prefer.

can this be done?

-ben


Re: exclude client from smtpd_tls_security_level = encrypt

2014-04-29 Thread li...@rhsoft.net


On 29.04.2014 22:49, btb wrote:
> i have an msa, which requires encryption and smtp auth, save one sole 
> exception - a client which [for now] cannot
> perform either, that i must explicitly trust based only on source ip address. 
>  to that end, i've allowed it to
> perform submission with check_client_access, but i'm left at odds with 
> smtpd_tls_security_level = encrypt.  i'd
> like to say "smtpd_tls_security_level = encrypt, with this exception".  
> something akin to smtp_tls_policy_maps, but
> for smtpd?

* just setup another listener on port 588 in master.cf
* set "-o smtpd_tls_security_level=may" for that listener
* open that port only for specific clients with specific IP's
* tell the MSA to use 588 instead of 587

we are doing practically the same for customers which need
larger rate limits for valid reasons than we normally allow

P.S:
be *very* careful with "check_client_access", avoid access-restrictions
ending with PERMIT whenever you can, they are easily ending in an open relay
by small mistakes


Re: Need help with relayhost

2014-04-29 Thread Leam Hall

On 29/04/2014 16:15, Wietse Venema wrote:
> leam hall:
>> Apr 29 15:37:26 client sendmail[15767]: s3TJbQGQ015767:
>> s3TJbQGR015767: DSN: Host unknown (Name server: 2.3.4.5: host not
>> found)
>
> That is Sendmail not Postfix. It is unable to deliver some mail.

Odd.

>> Apr 29 15:37:26 client postfix/smtpd[15771]: connect from
>> localhost.localdomain[127.0.0.1]
>
> That is Postfix. It is receiving a "delivery error report"
> from Sendmail.
>
> This machine runs both Postfix and Sendmail. You need to fix that
> first. How? That depends on the OS distribution that you are using.
>
> Wietse



I can fix that. Will do so and see what else I can figure out. Thank you 
very much!


Leam


--
http://31challenge.net
http://31challenge.net/insight


Re: exclude client from smtpd_tls_security_level = encrypt

2014-04-29 Thread Viktor Dukhovni
On Tue, Apr 29, 2014 at 04:49:48PM -0400, btb wrote:

> for the moment, i've done
> 
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> 
> which suffices, but not quite in the manner that i'd prefer.

The alternative to "smtpd_tls_security_level = encrypt" is:

main.cf:
cidr = cidr:${config_directory}/

mua_relay_restrictions =
    check_client_access ${cidr}submission_access.cidr,
    reject_plaintext_session,
    permit_sasl_authenticated,
    reject

submission_access.cidr:
192.0.2.1/32    OK non-TLS non-SASL client

master.cf:
submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
  # --
  # As strong as mandatory TLS required for SASL AUTH, but not
  # otherwise enforced for some clients
  #
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_tls_ciphers=$smtpd_tls_mandatory_ciphers
  -o smtpd_tls_protocols=$smtpd_tls_mandatory_protocols
  # --
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=$mua_relay_restrictions
  -o milter_macro_daemon_name=ORIGINATING

With Postfix versions older than 2.10 (IIRC) that don't have
smtpd_relay_restrictions, use smtpd_recipient_restrictions instead.

-- 
Viktor.
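A simplified model of how the `mua_relay_restrictions` list above decides for a given client, plus a check for the mistake the earlier P.S. warns about (an exemption wider than intended); this is an added example in Python, not Postfix code or anything posted in the thread. The function names, the 198.51.100.7 client and the /24 entry are constructed for illustration.

```python
import ipaddress


def cidr_lookup(table, client_ip):
    """First-match lookup over (network, action) pairs, in table order."""
    ip = ipaddress.ip_address(client_ip)
    for network, action in table:
        if ip in ipaddress.ip_network(network):
            return action.split()[0].upper()
    return "DUNNO"


def relay_decision(table, client_ip, tls, sasl_user):
    """Walk the restriction list in order; the first decisive rule wins."""
    # smtpd_tls_auth_only=yes: AUTH is not offered on a plaintext session,
    # so a client without TLS can never count as authenticated.
    if not tls:
        sasl_user = None
    action = cidr_lookup(table, client_ip)
    if action == "OK":
        return ("permit", "check_client_access")
    if action == "REJECT":
        return ("reject", "check_client_access")
    if not tls:
        return ("reject", "reject_plaintext_session")
    if sasl_user:
        return ("permit", "permit_sasl_authenticated")
    return ("reject", "reject")


def wide_exemptions(table, max_hosts=1):
    """OK entries that exempt more addresses than max_hosts.
    Every address inside such an entry may relay without TLS or AUTH."""
    return [network for network, action in table
            if action.split()[0].upper() == "OK"
            and ipaddress.ip_network(network).num_addresses > max_hosts]


# The table from the message above, and a constructed over-broad variant.
ACCESS = [("192.0.2.1/32", "OK non-TLS non-SASL client")]
TOO_WIDE = [("192.0.2.0/24", "OK")]

if __name__ == "__main__":
    cases = [("192.0.2.1", False, None), ("198.51.100.7", False, "alice"),
             ("198.51.100.7", True, "alice"), ("198.51.100.7", True, None)]
    for ip, tls, user in cases:
        print(ip, tls, user, relay_decision(ACCESS, ip, tls, user))
    print("wide entries:", wide_exemptions(TOO_WIDE))
```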