This should really be fixed. SMTPD_ACCESS_README (five times),
ADDRESS_VERIFICATION_README and RESTRICTION_CLASS_README specify that
"reject_unauth_destination is not needed here [= in
smtpd_recipient_restrictions] if the mail relay policy is specified
under smtpd_relay_restrictions".
Nick wrote:
But postconf(5) says "smtpd_recipient_restrictions ... applies in the
context of a client RCPT TO command, after smtpd_relay_restrictions."
If smtpd_relay_restrictions applies first, why didn't its
reject_unauth_destination cause rejection before anything in
smtpd_recipient_r
On 2019-11-19 08:37 GMT, Viktor Dukhovni wrote:
> Sadly, the implementation changed without a documentation update.
I see.
> > If possible, when my server receives an unwanted relay attempt I would
> > prefer it did not make pointless queries to third parties. Can that
> > be accomplished?
>
>
On Tue, Nov 19, 2019 at 08:21:07AM +, Nick wrote:
> > Because Postfix evaluates smtpd_relay_restrictions *after* it checks
> > smtpd_recipient_restrictions.
>
> postconf(5) says the opposite.
>
> smtpd_recipient_restrictions (default: see postconf -d output)
>Optional restrictions
On 2019-11-19 05:59 GMT, Viktor Dukhovni wrote:
> On Mon, Nov 18, 2019 at 09:40:24PM +, Nick wrote:
>
> > Why did reject_unauth_destination (line 11) only take effect after the
> > probe (line 8, if that's what it is) and after check_policy_service
> > (line 10)?
>
> Because Postfix evaluates
On Mon, Nov 18, 2019 at 09:40:24PM +, Nick wrote:
> Why did reject_unauth_destination (line 11) only take effect after the
> probe (line 8, if that's what it is) and after check_policy_service
> (line 10)?
Because Postfix evaluates smtpd_relay_restrictions *after* it checks
smtpd_recipient_re
On 2019-11-18 23:05 GMT, Gregory Heytings wrote:
> In lines 5-9 your server checks that the recipient address of the email the
> client would like to send, namely "***@gmail.com", is deliverable. This
> happens because you have "reject_unverified_recipient" in
> "smtpd_recipient_restrictions" (
1 Nov 18 01:28:37 rolly postfix/postscreen[26770]: CONNECT from
[162.246.19.201]:61693 to [46.235.227.79]:25
2 Nov 18 01:28:43 rolly postfix/postscreen[26770]: PASS NEW
[162.246.19.201]:61693
3 Nov 18 01:28:43 rolly postfix/smtpd[26774]: warning: hostname
rever.aftermathdevelopment.com does
Below is a postmaster notification about a relay attempt. The
notification is from my server running 3.4.7 on debian stable.
Out: 220 mail.acrasis.net ESMTP Postfix (Debian/GNU)
In: HELO win-sa71d6ou2qs.domain
Out: 250 mail.acrasis.net
In: MAIL FROM:
Out: 250 2.1.0 Ok
In: RCPT TO:<**
