Per Jessen: > I have just built 2.11.1 from source, but otherwise retained > my old config. > > For outgoing mail via port 587, I have the following: > > smtpd_recipient_restrictions=permit_mynetworks, > reject_non_fqdn_recipient, > reject_unknown_recipient_domain, > permit_sasl_authenticated, > check_client_access hash:/etc/postfix-in/pop-before-smtp > reject_unauth_destination > > Judging by a trace, it looks like "check_client_access" is being > ignored? > > smtpd[20213]: >>> START Recipient address RESTRICTIONS <<< > smtpd[20213]: generic_checks: name=permit_mynetworks > smtpd[20213]: permit_mynetworks: kzinti.enidan.ch 88.198.24.135 > smtpd[20213]: match_hostname: kzinti.enidan.ch ~? 192.168.2.0/24 > smtpd[20213]: match_hostaddr: 88.198.24.135 ~? 192.168.2.0/24 > smtpd[20213]: match_hostname: kzinti.enidan.ch ~? 127.0.0.0/8 > smtpd[20213]: match_hostaddr: 88.198.24.135 ~? 127.0.0.0/8 > smtpd[20213]: match_hostname: kzinti.enidan.ch ~? 10.42.8.253 > smtpd[20213]: match_hostaddr: 88.198.24.135 ~? 10.42.8.253 > smtpd[20213]: match_hostname: kzinti.enidan.ch ~? 10.42.8.249 > smtpd[20213]: match_hostaddr: 88.198.24.135 ~? 10.42.8.249 > smtpd[20213]: match_hostname: kzinti.enidan.ch ~? 192.168.3.0/24 > smtpd[20213]: match_hostaddr: 88.198.24.135 ~? 192.168.3.0/24 > smtpd[20213]: match_list_match: kzinti.enidan.ch: no match > smtpd[20213]: match_list_match: 88.198.24.135: no match > smtpd[20213]: generic_checks: name=permit_mynetworks status=0 > smtpd[20213]: generic_checks: name=permit_sasl_authenticated
Note that this has no reject_unknown_recipient_domain. That's because Postfix is not evalating smtpd_recipient_restrictions! With Postfox 2.11, relay access control is enforced with smtpd_relay_restrictions. Either set smtpd_relay_restrictions instead of smtpd_recipient_restrictions, or sent "smtpd_relay_restrictions=" i.e. empty. Wietse > smtpd[20213]: generic_checks: name=permit_sasl_authenticated status=0 > smtpd[20213]: generic_checks: name=defer_unauth_destination > smtpd[20213]: reject_unauth_destination: supp...@example.com > smtpd[20213]: permit_auth_destination: supp...@example.com > smtpd[20213]: ctable_locate: leave existing entry key > supp...@example.com > smtpd[20213]: NOQUEUE: reject: RCPT from > kzinti.enidan.ch[88.198.24.135]: 454 4.7.1 <supp...@example.com>: Relay > access denied; from=<p...@jessen.ch> to=<supp...@example.com> > proto=ESMTP helo=<klop99> > smtpd[20213]: generic_checks: name=defer_unauth_destination status=2 > smtpd[20213]: >>> END Recipient address RESTRICTIONS <<< > > > Should there not be a trace entry after "permit_sasl_authenticated > status=0" that checks my pop-before-smtp table? > What am I over looking? > > > -- > Per Jessen, Z?rich (24.9?C) > http://www.dns24.ch/ - your free DNS host, made in Switzerland. > >