On Mon, Mar 22, 2021 at 01:35:12PM +1100, Phil Biggs wrote:
> Mar 21 14:50:35 postfix/postscreen[3804]: CONNECT from [18.205.72.90]:43471
> to [192.168.11.2]:25
> Mar 21 14:50:41 postfix/postscreen[3804]: PASS NEW [18.205.72.90]:43471
> Mar 21 14:50:43 postfix/smtpd[3806]: connect from
> keeper-us-east-1c.mxtoolbox.com[18.205.72.90]
> Mar 21 14:50:45 postfix/cleanup[3810]: 05625DF30B:
> message-id=<[email protected]>
> Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B:
> from=<[email protected]>, size=233, nrcpt=1 (queue active)
> Mar 21 14:50:45 postfix/smtp[3811]: Trusted TLS connection established to
> mail.aussiebroadband.com.au[121.200.0.25]:25: TLSv1.3 with cipher
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
> RSA-PSS (2048 bits) server-digest SHA256
> Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B:
> to=<[email protected]>,
> relay=mail.aussiebroadband.com.au[121.200.0.25]:25, delay=1.1,
> delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
It looks like you have "reject_unverified_recipient" in your
smtpd_recipient_restrictions. With relay control implemented in
smtpd_relay_restrictions.
In Postfix 3.5, smtpd_relay_restrictions are implemented *after*
smtpd_recipient_restrictions. In Postfix 3.6, if your compatibility
level is set to 3.6 or higher, or you explicitly set:
smtpd_relay_before_recipient_restrictions = yes
the these are evaluated as documented and expected, rather than
in backwards-compatible safety-net order.
--
Viktor.
