On Wed, Mar 27, 2013 at 3:56 PM, Stan Hoeppner <[email protected]> wrote:
> It seems pretty clear you need to convert to putting everything under
> smtpd_recipient_restrictions. Makes things a lot easier. I give an
> example of this in the instructions as well. Doing so gives you precise
> control of restriction evaluation order. Frankly I'm surprised anyone
> still uses the old multi-section restrictions configuration these days.
> If after Google you need help converting, let us know.
Hi Stan,
Of course I'm grateful for the file and the instructions inside, which
is why I was excited to try it, and I have no problem doing the
restrictions in the single list if it's the accepted best way, but
it's different from the advice I found and got on a separate thread
that it's safer to place the relay restrictions into
smtpd_relay_restrictions instead.
So I just wanted to be sure to understand the difference before making
changes blindly and adding yet more open relays to the Internet, and
possibly getting myself blacklisted in the process. ;)
FWIW, I didn't do it wrong when I added it to
smtpd_relay_restrictions, I already checked this before posting:
smtpd_relay_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
# check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
reject_unauth_destination
So the evaluation order issue must have been caused by using two
lists, instead of the ordering in relay_restrictions.
Matthew.
