On Mon, 26 Jan 2026 16:01:09 -0800, Viktor Dukhovni via Postfix-users wrote:
> It isn't "ordering", rather the use of "permit_auth_destination" is
> unnecessary and counterproductive. Just simplify to:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_unverified_recipient
and not split off smtpd_relay_restrictions?
> Where I am also recommending deletion of
> "reject_unknown_recipient_domain", because you're unlikely to, and
> should not have, any "unknown" domains that pass
> "reject_unauth_destination".
makes sense
> For "reject_unknown_recipient_domain" to make sense, it would have to be
> listed first, before "permit_mynetworks, ..." so that invalid recipient
> domains are also rejected in outbound mail from your own users (rather
> than queued and bounced).
ok, makes sense
> I'm surprised to not see any mainstream RBLs in that setting. How
> 'bout:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> # Or if you prefer another high quality RBL, use that.
> reject_rbl_client zen.spamhaus.org,
> reject_unverified_recipient
rather than
postscreen_dnsbl_sites =
list.dnswl.org=127.0.[0..255].[1..3]*-5
zen.spamhaus.org*2
which is what i have now
randy
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
