smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Earl Killian
My question is how to figure out why smtpd_relay_restrictions is being used for local recipients. (In the following, I've renamed the local domain name (which is listed in mydestination) to example.com to prevent email harvesting.) I upgraded a system from openSUSE 13.1 to 13.2 and got Postfix

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Noel Jones
On 3/9/2015 10:46 AM, Earl Killian wrote: On 2015/3/9 08:12, Noel Jones wrote: You have misunderstood the purpose of smtpd_relay_restrictions. Your mail is rejected by the final reject you placed. *ALL* mail is evaluated by smtpd_relay_restrictions, and unless you have very unusual relay

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Noel Jones
On 3/9/2015 6:14 AM, Earl Killian wrote: My question is how to figure out why smtpd_relay_restrictions is being used for local recipients. (In the following, I've renamed the local domain name (which is listed in mydestination) to example.com to prevent email harvesting.) I upgraded a

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Earl Killian
On 2015/3/9 08:12, Noel Jones wrote: You have misunderstood the purpose of smtpd_relay_restrictions. Your mail is rejected by the final reject you placed. *ALL* mail is evaluated by smtpd_relay_restrictions, and unless you have very unusual relay requirements, you should either set it empty, or

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Sebastian Nielsen
I would instead suggest setting the relay access to: check_sender_access hash:/etc/postfix/relay_auth, reject_unauth_destination where /etc/postfix/relay_auth is: YOUR_DOMAIN permit_mynetworks, reject [EXTERNAL_IP_OF_SMTP_SERVER] permit_mynetworks, reject This protects against most malicious

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Sebastian Nielsen
I have noticed some automated open relay testing services do fail a domain if it rejects a relay too early (e.g. in MAIL FROM). And you are a bit wrong with IP address lookup. Yes, check_sender_access does not itself look up IPs. But the rules I listed will effectively expand to the rule:

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Viktor Dukhovni
On Mon, Mar 09, 2015 at 05:56:20PM +0100, Sebastian Nielsen wrote: I would instead suggest setting the relay access to: check_sender_access hash:/etc/postfix/relay_auth, reject_unauth_destination where /etc/postfix/relay_auth is: YOUR_DOMAIN permit_mynetworks, reject

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Noel Jones
Viktor and I are in agreement here. The smtpd_relay_restrictions should be kept as simple as possible to prevent accidents. It's too easy to make a mistake in a check_*_access table and inadvertently create an open relay. That's why smtpd_relay_restrictions was invented. It's fine to have a

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Viktor Dukhovni
On Mon, Mar 09, 2015 at 07:50:13PM +0100, Sebastian Nielsen wrote: You probably didn't understand what I mean with open relay testing services failing a domain that rejects a relay too early: Imagine you did do as you told with putting the table in smtpd_sender_restrictions, and

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Viktor Dukhovni
On Mon, Mar 09, 2015 at 06:53:21PM +0100, Sebastian Nielsen wrote: I have noticed some automated open relay testing services do fail a domain if it rejects a relay too early (e.g. in MAIL FROM). Obviously, Postfix cannot and does not reject relay attempts at MAIL FROM. At that point the

Re: smtpd_relay_restrictions in Postfix 2.11.3 on openSUSE 13.2 causes mail to local domain to be rejected

2015-03-09 Thread Sebastian Nielsen
You probably didn't understand what I mean with open relay testing services failing a domain that rejects a relay too early: Imagine you did do as you told with putting the table in smtpd_sender_restrictions, and smtpd_delay_reject = no. Imagine now a relay testing tool tests the server, and