Hi, I have the idea to simply put "permit" at the end of smtpd_recipient_restrictions. No, I don't want open relay :) but I do all the checks to make it secure in sender_recipient_restrictions. Postfix nicely wants to change my mind about this idea. So my question that: is it safe to do what I want to do, _IF_ I am sure I did every possible checks&rejects in sender_recipient_restrictions (or before)? I plan to use permit_sasl_authenticated and reject in sender_recipient_restrictions. Or should I repeat that step in sender_recipient_restrictions too then? I'm using smtpd_delay_reject = no if it counts. Just I have the idea that using permit_sasl_authenticated (and also some other checks like IP based relay given by ldap map) here too makes overhead: why should I do the same steps (and at every RCPT TO: given!) again what I've already done at a previous stage of SMTP protocol? It's a mail submit server. I can't provide exact configuration since I am about doing it right now, just I am curious about your opinion on this issue.
I may use "check_recipient_access static:OK, reject" at the end of smtpd_recipient_restrictions to trick postfix do not complain that I don't want to use reject at the end of smtpd_recipient_restrictions :) Thanks a lot in advance, - Gábor
