On 10/18/2013 1:47 PM, Viktor Dukhovni wrote: > On Fri, Oct 18, 2013 at 01:24:09PM -0500, Noel Jones wrote: > >>> smtpd_recipient_restrictions = reject_unlisted_recipient, >>> reject_unknown_recipient_domain, check_recipient_access >>> hash:/etc/postfix-internal/recipient_access, >>> permit_sasl_authenticated, permit_mynetworks, reject >> >> The only way an unauthenticated, not-mynetworks client can make it >> through the above is if the check_recipient_access map returns OK. >> Otherwise they get a generic 550 "Access denied" from the final reject. >> >> You have a lurking open relay problem, but are saved by the >> smtpd_relay_restrictions safety net. Fix the problem before it gets >> to the safety net. > > No. Rather, smtpd_relay_restrictions is evaluated (as documented) > before smtpd_recipient_restrictions. >
My apologies. I thought it was after. -- Noel Jones