1***@gmail.com
2017-05-27 22:32:03 UTC
Postfix 3.2.0, I noticed this behaviour on this version may behave and earlier versions, but I have no way to test it, during the processing of the relays applies the rules from "smtpd_relay_restrictions" AFTER rules from "smtpd_recipient_restrictions", that makes the rule of "smtpd_relay_restrictions" is useless, as I have, as in versions prior to 2.10, in the "smtpd_recipient_restrictions" to specify rules for processing and the relays and incoming messages.
As I understand from documentation, this should NOT be, and when you specify rules in "smtpd_relay_restrictions" relays should only be handled by these rules ignore the rules of "smtpd_recipient_restrictions".
In fact, when specifying such settings.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
Server rejects connections for relays (remote clients connecting to SMTP/IMAP server after a successful SASL authentication)
postfix/smtpd[3202]: warning: hostname "hostname of client interet provider" does not resolve to address "IP (DUHL) of client Internet provider": Name or service not known
postfix/smtpd[3202]: disconnect from unknown["IP (DUHL) of client Internet provider"]
This should not be! My initial idea rules "reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org" never should have been applied to the relay, but the logs say otherwise.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
If you add the rule of "smtpd_relay_restrictions" to the beginning of the rules "smtpd_recipient_restrictions", then it works normally as in versions prior to 2.10, but according to the documentation it should not be on version 3.2.0.
As I understand from documentation, this should NOT be, and when you specify rules in "smtpd_relay_restrictions" relays should only be handled by these rules ignore the rules of "smtpd_recipient_restrictions".
In fact, when specifying such settings.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
Server rejects connections for relays (remote clients connecting to SMTP/IMAP server after a successful SASL authentication)
postfix/smtpd[3202]: warning: hostname "hostname of client interet provider" does not resolve to address "IP (DUHL) of client Internet provider": Name or service not known
postfix/smtpd[3202]: disconnect from unknown["IP (DUHL) of client Internet provider"]
This should not be! My initial idea rules "reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org" never should have been applied to the relay, but the logs say otherwise.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
If you add the rule of "smtpd_relay_restrictions" to the beginning of the rules "smtpd_recipient_restrictions", then it works normally as in versions prior to 2.10, but according to the documentation it should not be on version 3.2.0.