On Thu, Jan 14, 2021 at 10:14:49AM -0500, Bill Cole wrote:
> > to log all parameters, like mail from: and rcpt to:
> > Helps much when digging logs why was someone's mail refused.
>
> Also, technically, because smtpd_delay_reject is "yes" which is the
> default in recent versions of Postfix.

Not just "recent", every stable release (starting with 1.0):

    https://github.com/vdukhovni/postfix/blame/master/postfix/src/global/mail_params.h#L2406-L2408

on by default since 19990510.

> > you can disable the helo checks. I don't recommend that.
>
> Rather than disabling helo checks, it is possible to put them in
> smtpd_recipient_restrictions or smtpd_relay_restrictions *AFTER* actual
> relay restrictions, so that the first error hit is the unauthorized
> relay.

Unfortunately, smtpd_recipient_restrictions runs *before*
smtpd_relay_restrictions (in recent Postfix releases), and there was
some discussion of making that configurable, but I forget where that
ended up... I agree that one would naively expect the relay checks
to run first, and the current behaviour (though "safer" in some
sense) is surprising.
--
Viktor.
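
The ordering discussed in this thread, as an added main.cf sketch that is not from either poster: the HELO checks sit after reject_unauth_destination inside smtpd_recipient_restrictions, so an unauthorized relay attempt is the first rejection hit and logged. The particular HELO restrictions and the permit_* entries are assumptions chosen for illustration.

```conf
# /etc/postfix/main.cf (added illustration; restriction choices are assumptions)

# Default setting. Rejections are deferred until RCPT TO, so the log
# line carries the HELO name, MAIL FROM and RCPT TO of the refused mail.
smtpd_delay_reject = yes
smtpd_helo_required = yes

# No HELO checks here: this list is evaluated ahead of the relay check.
smtpd_helo_restrictions =

# Relay policy stays in place as the safety net.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Relay check first, HELO checks after it, all in one list, so the
# result does not depend on which of the two lists Postfix runs first.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname
```

Running `postconf -n` after the edit lists the non-default settings actually in effect.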