On 3/27/2013 7:07 PM, Matthew Hall wrote: > > smtpd_relay_restrictions = > permit_sasl_authenticated, > permit_mynetworks, > # check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre, > reject_unauth_destination
The above is wrong in two ways. First, anti-spam access lists MUST be after reject_unauth_destination. Secondly, anti-spam access lists don't belong in smtpd_relay_restrictions. The intent of smtpd_relay_restrictions is a safety net to prevent unintentional open relays that sometimes happen in anti-spam controls. Unless you have complex relay controls (and don't confuse complex relay controls with complex anti-spam controls!) you should have only smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination All your anti-spam stuff goes in the other smtpd_*_restrictions. It's often convenient to put all anti-spam controls under smtpd_recipient_restrictions, as suggested elsewhere in this thread. -- Noel Jones