On Monday, 20 July 2020 18:25:28 BST Michael Orlitzky wrote:
> On 2020-07-20 12:39, antlists wrote:
> > On 20/07/2020 15:55, Peter Humphrey wrote:
> >> fatal: in parameter smtpd_relay_restrictions or
> >> smtpd_recipient_restrictions, specify at least one working instance of:
> >> reject_unauth_destination, defer_unauth_destination, reject, defer,
> >> defer_if_permit or check_relay_domains
--->8
> If you don't specify one of those restrictions in one of those places,
> your mail server is an open relay. Postfix doesn't let you do that.
>
> One of them is set by default; smtpd_relay_restrictions end with
> defer_unauth_destination on new installs.
That command doesn't appear in my main.cf.
I ended up adding the following to main.cf:
-------
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
-------
Those came from http://www.postfix.org/SMTPD_ACCESS_README.html.
I don't know what use the page https://wiki.gentoo.org/wiki/Postfix is: it
hasn't helped me at all.
As usual, though, the kind people on this list certainly have! Thank you all.
--
Regards,
Peter.
