1 |
On Monday, 20 July 2020 18:25:28 BST Michael Orlitzky wrote: |
2 |
> On 2020-07-20 12:39, antlists wrote: |
3 |
> > On 20/07/2020 15:55, Peter Humphrey wrote: |
4 |
> >> fatal: in parameter smtpd_relay_restrictions or |
5 |
> >> smtpd_recipient_restrictions, specify at least one working instance of: |
6 |
> >> reject_unauth_destination, defer_unauth_destination, reject, defer, |
7 |
> >> defer_if_permit or check_relay_domains |
8 |
--->8 |
9 |
> If you don't specify one of those restrictions in one of those places, |
10 |
> your mail server is an open relay. Postfix doesn't let you do that. |
11 |
> |
12 |
> One of them is set by default; smtpd_relay_restrictions end with |
13 |
> defer_unauth_destination on new installs. |
14 |
|
15 |
That command doesn't appear in my main.cf. |
16 |
|
17 |
I ended up adding the following to main.cf: |
18 |
|
19 |
------- |
20 |
# Allow connections from trusted networks only. |
21 |
smtpd_client_restrictions = permit_mynetworks, reject |
22 |
|
23 |
# Don't talk to mail systems that don't know their own hostname. |
24 |
smtpd_helo_restrictions = reject_unknown_helo_hostname |
25 |
|
26 |
# Don't accept mail from domains that don't exist. |
27 |
smtpd_sender_restrictions = reject_unknown_sender_domain |
28 |
|
29 |
smtpd_recipient_restrictions = permit_mynetworks, |
30 |
permit_sasl_authenticated, |
31 |
|
32 |
smtpd_relay_restrictions = permit_mynetworks, |
33 |
permit_sasl_authenticated, |
34 |
reject_unauth_destination |
35 |
|
36 |
# Block clients that speak too early. |
37 |
smtpd_data_restrictions = reject_unauth_pipelining |
38 |
|
39 |
------- |
40 |
|
41 |
Those came from http://www.postfix.org/SMTPD_ACCESS_README.html. |
42 |
|
43 |
I don't know what use the page https://wiki.gentoo.org/wiki/Postfix is: it |
44 |
hasn't helped me at all. |
45 |
|
46 |
As usual, though, the kind people on this list certainly have! Thank you all. |
47 |
|
48 |
-- |
49 |
Regards, |
50 |
Peter. |