Hi,
We have just set up a new Postfix server to act as an antispam gateway in our network.
Under smtpd_recipient_restrictions, we have the following configuration:
smtpd_recipient_restrictions =
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_non_fqdn_helo_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    permit
mynetworks has the following values: 127.0.0.0/8 and 192.168.0.0/24, which is the network subnet for the LAN.
According to these settings, the computers on the LAN would be able to send emails even if they type an invalid
domain in RCPT TO, as permit_mynetworks is before reject_unknown_recipient_domain.
But the thing is that with these settings, the server is acting as an open relay and all the computers out on the
Internet are able to relay mail through it (to domains that are not listed inside /etc/postfix/relay_domains).
If we remove the network segment for the LAN from mynetworks, then no computer is able to send email to the server.
I don't know if it is relevant, but we have a firewall with NAT to redirect the traffic on port 25 to the private IP of the server.
It would be great if someone could give us a hand or correct the configuration of the main.cf if there is something wrong.
Thanks very much in advance
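
A simplified model of how Postfix walks the restriction list quoted above, as an added example that is not part of the original post: the first restriction that returns PERMIT or REJECT decides, and the outcome depends on the client address as Postfix sees it. The `RELAY_DOMAINS` content and the sample addresses are constructed; restrictions that depend on DNS or address syntax are assumed to pass, and `relay_domains` matching is reduced to an exact comparison.

```python
import ipaddress

# Values quoted in the post.
MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/24"]
RESTRICTIONS = [
    "reject_unknown_sender_domain", "reject_unknown_recipient_domain",
    "permit_mynetworks", "reject_unauth_destination",
    "reject_unauth_pipelining", "reject_invalid_hostname",
    "reject_non_fqdn_helo_hostname", "reject_non_fqdn_sender",
    "reject_non_fqdn_recipient", "permit",
]
# Constructed placeholder: the post does not show the contents of relay_domains.
RELAY_DOMAINS = {"example.com"}


def in_mynetworks(client_ip):
    """True if the client address falls inside any mynetworks range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def evaluate(client_ip, rcpt_domain):
    """Return (action, deciding restriction) for one RCPT TO.

    Only permit_mynetworks, reject_unauth_destination and permit are
    modelled; every other restriction is treated as "no decision"
    (assumption: the sender, recipient and HELO pass those checks).
    """
    for name in RESTRICTIONS:
        if name == "permit_mynetworks" and in_mynetworks(client_ip):
            return "PERMIT", name
        if name == "reject_unauth_destination" and rcpt_domain not in RELAY_DOMAINS:
            return "REJECT", name
        if name == "permit":
            return "PERMIT", name
    return "PERMIT", "end of list"


if __name__ == "__main__":
    # Constructed sample sessions (LAN and documentation-range addresses).
    for ip, domain in [("192.168.0.10", "elsewhere.example"),
                       ("203.0.113.7", "elsewhere.example"),
                       ("203.0.113.7", "example.com")]:
        print(ip, domain, *evaluate(ip, domain))
```

The address to feed in is the one Postfix records in its "connect from" log line for the session, which is what `permit_mynetworks` is compared against.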