| 1 |
On Monday, 20 July 2020 18:25:28 BST Michael Orlitzky wrote: |
| 2 |
> On 2020-07-20 12:39, antlists wrote: |
| 3 |
> > On 20/07/2020 15:55, Peter Humphrey wrote: |
| 4 |
> >> fatal: in parameter smtpd_relay_restrictions or |
| 5 |
> >> smtpd_recipient_restrictions, specify at least one working instance of: |
| 6 |
> >> reject_unauth_destination, defer_unauth_destination, reject, defer, |
| 7 |
> >> defer_if_permit or check_relay_domains |
| 8 |
--->8 |
| 9 |
> If you don't specify one of those restrictions in one of those places, |
| 10 |
> your mail server is an open relay. Postfix doesn't let you do that. |
| 11 |
> |
| 12 |
> One of them is set by default; smtpd_relay_restrictions end with |
| 13 |
> defer_unauth_destination on new installs. |
| 14 |
|
| 15 |
That command doesn't appear in my main.cf. |
| 16 |
|
| 17 |
I ended up adding the following to main.cf: |
| 18 |
|
| 19 |
------- |
| 20 |
# Allow connections from trusted networks only. |
| 21 |
smtpd_client_restrictions = permit_mynetworks, reject |
| 22 |
|
| 23 |
# Don't talk to mail systems that don't know their own hostname. |
| 24 |
smtpd_helo_restrictions = reject_unknown_helo_hostname |
| 25 |
|
| 26 |
# Don't accept mail from domains that don't exist. |
| 27 |
smtpd_sender_restrictions = reject_unknown_sender_domain |
| 28 |
|
| 29 |
smtpd_recipient_restrictions = permit_mynetworks, |
| 30 |
permit_sasl_authenticated, |
| 31 |
|
| 32 |
smtpd_relay_restrictions = permit_mynetworks, |
| 33 |
permit_sasl_authenticated, |
| 34 |
reject_unauth_destination |
| 35 |
|
| 36 |
# Block clients that speak too early. |
| 37 |
smtpd_data_restrictions = reject_unauth_pipelining |
| 38 |
|
| 39 |
------- |
| 40 |
|
| 41 |
Those came from http://www.postfix.org/SMTPD_ACCESS_README.html. |
| 42 |
|
| 43 |
I don't know what use the page https://wiki.gentoo.org/wiki/Postfix is: it |
| 44 |
hasn't helped me at all. |
| 45 |
|
| 46 |
As usual, though, the kind people on this list certainly have! Thank you all. |
| 47 |
|
| 48 |
-- |
| 49 |
Regards, |
| 50 |
Peter. |
Archives