On 2024-07-22 at 11:08:48 UTC-0400 (Mon, 22 Jul 2024 10:08:48 -0500)
Chris Wopat via Postfix-users <m...@falz.net>
is rumored to have said:
Thanks for the replies, a few comments below from a few replies:
On Mon, Jul 22, 2024 at 8:45 AM Matus UHLAR - fantomas via
Postfix-users <postfix-users@postfix.org> wrote:
"smtpd_reject_unlisted_recipient=no" is why recipient is not rejected
on port 587.
Can this be added to port 25 somehow?
Yes. Anything in master.cf after a "-o" is just a service-specific
exception to the configuration set in main.cf. So, you could add it to
the smtpd line in master.cf or to main.cf.
[...]
On Mon, Jul 22, 2024 at 9:14 AM Wietse Venema via Postfix-users
<postfix-users@postfix.org> wrote:
The proper workaround is to list relay destinations in
main.cf:relay_domains,
and to list valid relay recipients in main.cf:relay_recipient_maps.
We cannot do a list of domains to relay, as we're an ISP and we're
allowing mail relay to downstream customers (schools, k12s, colleges,
etc).
Non-sequitur. Surely you must have some record of what domains you relay
TO (i.e. who your customers are,) it's just a matter of hooking that
into a Postfix map. It need not be a static list, it can be LDAP or an
SQL database. If you don't restrict the domains that you will retail TO,
you will find your server abused and widely blocked. There may be a way
to make Postfix relay for any domain that points an MX record to it, as
can be done in Sendmail, but it is in advisable.
We're simply whitelisting their source IP's to permit relay
That's for outbound relay, relaying FROM customers. Authentication would
be a better way to control that, but if you believe that your
customers' networks are always trustworthy, IP-based is reasonable.
After all, it's almost universal for people to use permit_mynetworks.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org