Hi, Some time ago I posted my smtpd_recipient_restrictions because I was having a problem with unauthorized relaying (basically I had become an open relay!), and received some suggestions. However, I think there is still a problem and I'm open to relaying.
I'm still using postfix-1.x, set up with two queues. As a side question, is there going to be significant configuration changes to upgrade to the current from 1.x? Reading from a message in the second queue waiting to be delivered, the source IP is not one from the pop-before-smtp database and is not from the internal network. The destination is is a user at yahoo.com. How could this happen? Below is the recipient restrictions from the first instance: smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient permit_mynetworks check_client_access hash:/etc/postfix/pop-before-smtp reject_unauth_destination reject_invalid_hostname reject_non_fqdn_hostname reject_unknown_sender_domain # reject_unknown_recipient_domain # reject_unauth_pipelining check_client_access hash:/etc/postfix/client_checks check_client_access pcre:/etc/postfix/client_checks.pcre check_recipient_access pcre:/etc/postfix/recipient_checks check_helo_access hash:/etc/postfix/helo_checks check_sender_access hash:/etc/postfix/sender_checks check_sender_access hash:/etc/postfix/disallow_my_domain check_recipient_access pcre:/etc/postfix/recipient_checks.pcre maps_rbl_domains = zen.spamhaus.org, cbl.abuseat.org, sbl.spamhaus.org, pbl.spamhaus.org disable_vrfy_command = yes I've also tried to put the email address from the header "From:" into client_checks to block them, and it does not appear to work. check_client_access is a restriction on the regular header information, not the envelope header, correct? Can someone help me to clarify? Any help greatly appreciated! Thanks, Alex