I have a small Postfix server that I'm using to familiarise more with configuration of restrictions. I'm handing off all mail to a virtual transport which delivers it elsewhere. I'm not using local transport at all on this server.
While experimenting with smtpd_recipient_restrictions, I noticed that mails sent to the postmaster (RCPT TO: <postmaster>) bypass all restrictions. I don't understand why and I can't find any configuration settings that would make that happen. For example... 629 $ telnet test 25 Trying 192.168.108.124... Connected to test. Escape character is '^]'. 220 test.mytestdomain.org ESMTP Postfix HELO . 250 test.mytestdomain.org MAIL FROM:<j...@somewhere.com> 250 2.1.0 Ok RCPT TO: <d...@mydomain.com> 501 5.5.2 <.>: Helo command rejected: Invalid name RCPT TO: <postmaster> 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> test . 250 2.0.0 Ok: queued as 5AD8D2F2 This is with a vanilla install of Postfix 3.4.12 and the below main.cf: compatibility_level = 2 myhostname = test.mytestdomain.org myorigin = $mydomain relayhost = [relay.somewhere.else] inet_protocols = ipv4 smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient reject_invalid_hostname permit virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domains virtual_alias_maps = pcre:/etc/postfix/virtual_alias_maps virtual_transport = lmtp:inet:imapserver:24 Only unqualified postmaster bypasses the restrictions, anything else (including a postmaster fqdn) triggers them as expected. In the above, the helo should fail, etc. I've read that one should accept mail to postmaster but the documentation seems to suggest this needs to be configured rather than being default behaviour, so I'm surprised to see it doing that out of the box - I'd like to understand why, if anyone can help?
