Hi,
>> Okay, I've even put the sender_access map first and it is still
>> rejected. Below is the output from postconf:
>
> NEVER put sender whitelists first in smtpd_recipient_restrictions,
> do put them after "reject_unauth_destination", but before any
> sender-specific restrictions that require a whitelist.
Yes, understood. I thought it would be a definitive way to test, by
ruling out other restrictions. I've since removed it.
And this is a potential relay in the first place because domains can
be spoofed, correct?
>> smtpd_sender_restrictions =
>> permit_sasl_authenticated,
>> permit_mynetworks,
>> reject_non_fqdn_sender,
>> reject_unknown_sender_domain,
>> reject_unauth_pipelining,
>> permit
>
> Remove the sender checks from the recipient restrictions, and apply
> the whitelist in the sender checks.
I did this, and it still doesn't work. I've added it in the
smtpd_sender_restrictions section:
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_checks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit
And the "permit" isn't really necessary, correct?
Ideas greatly appreciated.
Thanks,
Alex
