> I think Postfix may know it's the final destination for the domains
> in question, otherwise ALL mail would be rejected.
> 
> 
> Actually that's what is happening. When they moved the MX to point to 
> our spam filter servers their server started rejecting ALL their email
> that we are forwarding. The thing that changed on their server is that
> the domains they host are no longer the primary MX. What I'm trying to
> find out is how to override the requirement that the primary MX has to
> point to the Postfix server.
> 
> Internet ---> junkemailfilter.com ---> postfix server

It's not required to point the MX to the Postfix server! The problem is
the Postfix server does not accept mail addressed to it. If you were
to set the MX back to pointing to the Postfix server, the server would
continue to reject mail addressed to it because it is not configured to
accept mail addressed to it. It's not that you changed the MX record,
it's that the server was reconfigured. We are still shooting in the dark,
however; we would need output from 'postconf -n' and relevant logs to
get any further.

This is the default relay control mechanism: 

smtpd_recipient_restrictions = 
   permit_mynetworks 
   reject_unauth_destination 

And hopefully this generally describes how it works: 

       SMTP session 
             | 
             V 
(smtpd_client_restrictions) 
             V 
(smtpd_helo_restrictions) 
             V 
(smtpd_sender_restrictions) 
             V 
smtpd_recipient_restrictions----- 

  permit_mynetworks 
   |   \ 
   |    DUNNO 
   |     \ 
   |      V 
   |   reject_unauth_destination------REJECT-> 
   |           \ 
PERMIT      DUNNO 
   |             \ 
   V              V 
(smtpd_data_restrictions)

This says: (permit_mynetworks) if the client is in $mynetworks, skip any
remaining tests in this restriction stage (smtpd_recipient_restrictions)
and go on to the next restriction stage (smtpd_data_restrictions). 

If the client is not in $mynetworks, let the next test 
(reject_unauth_destination) decide what to do with this 
communication session (in other words: pretend nothing 
happened and continue on). 

So, provided the client is not in $mynetworks, proceed to 
reject_unauth_destination, which says: 
If the message IS addressed to one of the domains I am responsible 
for (domains listed in their proper address class), 
then let the next test in this restriction stage decide what to do 
with the session. As shown, there is no next test in this stage, so 
processing continues on to the next stage (smtpd_data_restrictions). 

If the message IS NOT addressed to one of my domains, then reject it. 
The client will see 'relay access denied'. 

Hopefully this is at least a conceptually accurate description of the 
relay control mechanism. 

Notice how 
permit_* evaluates to PERMIT (OK) or DUNNO 
and 
reject_* evaluates to REJECT or DUNNO 

Gary V
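
The relay check described in the message above, as an added example (not part of the original post and not Postfix code): a simplified Python model of the two-test smtpd_recipient_restrictions stage, run for a filter host that forwards mail to the server. The client address 203.0.113.25, the domain example.org and the three config dicts are constructed, and only exact domain matches against the address classes are modelled.

```python
import ipaddress

PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"
# Address classes consulted by reject_unauth_destination (exact match only here).
CLASSES = ("mydestination", "virtual_alias_domains",
           "virtual_mailbox_domains", "relay_domains")

def permit_mynetworks(client_ip, rcpt_domain, cfg):
    """PERMIT if the client is inside $mynetworks, otherwise DUNNO."""
    ip = ipaddress.ip_address(client_ip)
    nets = (ipaddress.ip_network(n) for n in cfg["mynetworks"])
    return PERMIT if any(ip in n for n in nets) else DUNNO

def reject_unauth_destination(client_ip, rcpt_domain, cfg):
    """DUNNO if the recipient domain is one of ours, otherwise REJECT."""
    known = any(rcpt_domain in cfg.get(c, ()) for c in CLASSES)
    return DUNNO if known else REJECT

def recipient_stage(client_ip, rcpt, cfg):
    """Return (deciding_test, result); (None, DUNNO) means no test decided
    and processing moves on to the next restriction stage."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for test in (permit_mynetworks, reject_unauth_destination):
        result = test(client_ip, domain, cfg)
        if result != DUNNO:
            return test.__name__, result
    return None, DUNNO

# Constructed sample data: the filter host is outside $mynetworks.
FILTER_HOST = "203.0.113.25"
# Server no longer lists the hosted domain: everything forwarded is rejected.
BROKEN = {"mynetworks": ["127.0.0.0/8"], "mydestination": {"localhost"}}
# Hosted domain listed in an address class: mail for it passes the stage.
FIXED = {"mynetworks": ["127.0.0.0/8"],
         "mydestination": {"localhost", "example.org"}}
# Filter host added to $mynetworks instead: it may now relay to any domain.
TOO_WIDE = {"mynetworks": ["127.0.0.0/8", "203.0.113.25/32"],
            "mydestination": {"localhost"}}

if __name__ == "__main__":
    configs = (("BROKEN", BROKEN), ("FIXED", FIXED), ("TOO_WIDE", TOO_WIDE))
    for name, cfg in configs:
        for rcpt in ("user@example.org", "other@elsewhere.example"):
            test, result = recipient_stage(FILTER_HOST, rcpt, cfg)
            print(f"{name:8} {rcpt:24} {result:6} decided by {test}")
```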


