On 2021-07-28 at 07:15:13 UTC-0400 (Wed, 28 Jul 2021 13:15:13 +0200)
Jean-François Bachelet <jfbache...@free.fr>
is rumored to have said:
[...]
I've tried to concatenate the two lines in one, putting the permit
stances from line 699 after the line 709 like below
but that don't work either perhaps I should have commented out the
line 'permit' or put that permit lines before the reject ones ?
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_rbl_client
sbl.spamhaus.org,
permit
permit_mynetworks,
permit_auth_destination,
permit_sasl_authenticated,
reject
You need to read the relevant documentation (SMTPD_ACCESS_README) and
think about the order of those, which matters.
Each smtpd_*_restrictions list is evaluated *IN ORDER* with the first
permit/reject directive to match a transaction being the result for the
whole list. As a result, any simple "permit" or "reject" directive
should be LAST in a restrictions list, because nothing after those
unconditional rules will ever be checked.
You also need to think about what restrictions you actually want in
main.cf (applying by default to all smtpd instances) and which you want
to use only as overrides in master.cf for specific services (e.g.
submission port 587 and submissions/smtps on port 465.) Typically you do
not want or need permit_sasl_authenticated on port 25 or
permit_mynetworks on 465/587. Rather than patching together snippets of
text that happened to exist in an overall broken configuration, you
should think about what configuration you actually want.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
