Hi, question with this setting. Per the following explanation from Postfix, it appears that by providing the value "reject_unauth_destination", Postfix will only accept a mail if the recipient belongs to either i) an account managed by Postfix (ie no need to forward any more), or ii) a domain listed in the $relay_domains setting.
Any ideas why?
http://www.postfix.org/postconf.5.ht...th_destination
Quote:
reject_unauth_destination
Reject the request unless one of the following is true:- Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
- Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
The relay_domains_reject_code parameter specifies the response code for rejected requests (default: 554).
|
Now what doesn't add up are the following:
1) When I try to send a mail from my phone to my Hotmail account via this Postfix server, it works. I thought I wouldn't be able to do so because I have the following set, and the reject_unauth_destination setting is as described above should have blocked this because hotmail.com does NOT belongs to either i) an account managed by Postfix (ie no need to forward any more), or ii) a domain listed in the $relay_domains setting as I have not set relay_domains.
Even if relay_domains taking on its default value from $mydestination wouldn't make a difference because hotmail.com also isn't on the list for $mydestination.
Code:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org
2) When I tried to remove the value "reject_unauth_destination" from the "smtpd_recipient_restrictions" setting, I see the errors in /var/log/maillog (shown below). I thought I can remove it because it is redundant since I have enforced SASL for all SMTP clients and disallowed anonymous sender. Snippet of my /etc/postfix/main.cf is pasted below.
Code:
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org
Code:
Jan 1 21:36:14 www postfix/master[29314]: daemon started -- version 2.3.3, configuration /etc/postfix
Jan 1 21:37:37 www postfix/smtpd[29362]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Jan 1 21:37:38 www postfix/master[29314]: warning: process /usr/libexec/postfix/smtpd pid 29362 exit status 1