In addition to what I have written below:
It turns out I was wrong about those changes. In fact, it was still
relaying. Since then I made the following changes and now it seems to be
working more or less.
Changes:
smtpd_client_restrictions = check_relay_domains, reject_unknown_client
relay_domains = $mydestination, $virtual_domains
virtual_domains = domain1.com, domain2.com
So, now mail can be sent by anyone to either my domain or a virtual
domain, but to no other addresses. At least using a mail client and
telneting in, I always got a relay reject on any other addresses.
Nevertheless, can you believe this?
3811834B365 9269 Thu Oct 10 14:54:35 (MAILER-DAEMON)
[EMAIL PROTECTED]
37F013474D0 4484 Thu Oct 10 15:07:45 (MAILER-DAEMON)
[EMAIL PROTECTED]
Although I made the changes at around 14:45.
Curtis
Curtis Vaughan wrote:
> So, here's some history.
>
> My SEMSIII is relaying outside mail.
>
> Some relevant parameters in main.cf and a history follows:
>
> Originally, these lines were in there:
>
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_recipient_restrictions = ldap:ldapmailenab,
> permit_tls_clientcerts, permit_sasl_authenticated,
> permit_mynetworks, check_sender_access,
> check_relay_domains
>
>
> On the advice of a user I made the following addition:
>
> smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
>
>
> However, it was still relaying. So, I commented out the lines that
> were originally there so that it read.
>
> #smtpd_sender_restrictions = hash:/etc/postfix/access
> #smtpd_recipient_restrictions = ldap:ldapmailenab,
> permit_tls_clientcerts, permit_sasl_authenticated,
> permit_mynetworks, check_sender_access,
> check_relay_domains
> smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
>
>
> Now, it stopped relaying for anyone sending mail to anyone who is not
> part of my domain (mynetworks).
>
> Check this out however! Looking at mailq I get the following output
> even now:
>
> 35FFE34D70C 3000 Thu Oct 10 10:00:48 (MAILER-DAEMON)
> [EMAIL PROTECTED]
>
> 35AED347242 2998 Thu Oct 10 10:18:14 (MAILER-DAEMON)
> [EMAIL PROTECTED]
>
> 3562134889E 2927 Thu Oct 10 10:18:32 (MAILER-DAEMON)
> [EMAIL PROTECTED]
>
> 352CE34762C 2934 Thu Oct 10 10:27:04 (MAILER-DAEMON)
> [EMAIL PROTECTED]
>
> 3F774348E4F 10179 Tue Oct 8 09:13:25 [EMAIL PROTECTED]
> (connect to ns.perceptics.com[208.252.202.66]: Connection
> refused)
> [EMAIL PROTECTED]
> (connect to ns.perceval.be[194.183.227.1]: Connection
> refused)
> [EMAIL PROTECTED]
>
> I don't remember the exact time I commented out those lines and
> therefore prevented any relaying, but it was before 10:00. Where the
> hell is this coming from then?
> Curtis
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
