On 1/22/2013 8:52 PM, Tom Tucker wrote:
> I am struggling with a configuration that might be impossible. Hopefully
> the list can help guide me.
>
> I want to allow internal systems the ability to relay emails to my domains
> even though they might get caught with
> 'reject_unknown_reverse_client_hostname'. Possible? If yes, I am unsure
> how to configure smtpd_sender_restrictions and smtpd_recipient_restrictions
> to support such.
>
>
> Current non-working configuration for this scenario
> ------------------------------------------------------------------------
> smtpd_sender_restrictions = permit_mynetworks,
> reject_unknown_sender_domain, reject_non_fqdn_sender
>
> smtpd_recipient_restrictions = reject_unknown_reverse_client_hostname,
> reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname,
> reject_unauth_destination, reject_non_fqdn_recipient,
> reject_unknown_recipient_domain, reject_unverified_recipient

Don't specify the separate restriction classes. Put everything under
smtpd_recipient_restrictions. This way you can manipulate the precise
order of your restrictions. Remember, "first match wins". If you
specify them separately you must put all permit actions at the start of
each class section. Ergo each would need to start with
"permit_mynetworks". Here's an example of the EURR method. There is no
client, sender, or helo restriction section, only this:

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_unknown_reverse_client_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        reject_unknown_helo_hostname
        reject_unlisted_recipient
        ...

Using this method, permit_mynetworks will match your local hosts before
reject_unknown_reverse_client_hostname matches. First match wins, and
you only have one class, so this solves your problem.
--
Stan
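
Added example, not part of the original message and not Postfix code: a simplified Python model of the evaluation order discussed above, run over constructed clients. It assumes Postfix's documented behaviour that a permit ends only the current restriction class while a reject ends the transaction; only four restrictions are modelled, and the dictionary names and client fields are hypothetical.

```python
# Simplified model of Postfix smtpd access evaluation (illustration only).
# Classes run in the order client, helo, sender, recipient. Inside a class the
# first restriction with a verdict ends that class: "permit" moves on to the
# next class, "reject" ends the whole transaction.
CLASS_ORDER = ("client", "helo", "sender", "recipient")

# Each modelled restriction returns "permit", "reject" or None (no opinion).
CHECKS = {
    "permit_mynetworks":
        lambda c: "permit" if c["in_mynetworks"] else None,
    "reject_unauth_destination":
        lambda c: None if c["rcpt_is_local_domain"] else "reject",
    "reject_unknown_reverse_client_hostname":
        lambda c: None if c["has_ptr"] else "reject",
    "reject_non_fqdn_sender":
        lambda c: None if "." in c["sender"].rpartition("@")[2] else "reject",
}

def evaluate(config, client):
    """Return (verdict, class, restriction) for one RCPT TO."""
    for cls in CLASS_ORDER:
        for name in config.get(cls, ()):
            verdict = CHECKS[name](client)
            if verdict == "reject":
                return ("reject", cls, name)
            if verdict == "permit":
                break  # permit only ends the current class
    return ("permit", None, None)

# The two layouts from the thread, reduced to the modelled restrictions.
SPLIT = {
    "sender": ["permit_mynetworks", "reject_non_fqdn_sender"],
    "recipient": ["reject_unknown_reverse_client_hostname",
                  "reject_unauth_destination"],
}
SINGLE = {
    "recipient": ["permit_mynetworks", "reject_unauth_destination",
                  "reject_unknown_reverse_client_hostname",
                  "reject_non_fqdn_sender"],
}

# Constructed sample clients.
INTERNAL_NO_PTR = {"in_mynetworks": True, "has_ptr": False,
                   "sender": "app@host.example.com", "rcpt_is_local_domain": True}
EXTERNAL_NO_PTR = dict(INTERNAL_NO_PTR, in_mynetworks=False)
EXTERNAL_RELAY = dict(EXTERNAL_NO_PTR, has_ptr=True, rcpt_is_local_domain=False)

if __name__ == "__main__":
    for label, cfg in (("split", SPLIT), ("single", SINGLE)):
        print(label, evaluate(cfg, INTERNAL_NO_PTR))
```

With the single-class layout the internal host is permitted, while external clients still hit reject_unauth_destination and reject_unknown_reverse_client_hostname, so the relay protection is unchanged.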