Monday, March 22, 2021, 2:56:17 PM, Viktor Dukhovni wrote: Viktor Dukhovni> On Mon, Mar 22, 2021 at 01:35:12PM +1100, Phil Biggs wrote:
>> Mar 21 14:50:35 postfix/postscreen[3804]: CONNECT from [18.205.72.90]:43471 >> to [192.168.11.2]:25 >> Mar 21 14:50:41 postfix/postscreen[3804]: PASS NEW [18.205.72.90]:43471 >> Mar 21 14:50:43 postfix/smtpd[3806]: connect from >> keeper-us-east-1c.mxtoolbox.com[18.205.72.90] >> Mar 21 14:50:45 postfix/cleanup[3810]: 05625DF30B: >> message-id=<[email protected]> >> Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B: >> from=<[email protected]>, size=233, nrcpt=1 (queue active) >> Mar 21 14:50:45 postfix/smtp[3811]: Trusted TLS connection established to >> mail.aussiebroadband.com.au[121.200.0.25]:25: TLSv1.3 with cipher >> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature >> RSA-PSS (2048 bits) server-digest SHA256 >> Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B: >> to=<[email protected]>, >> relay=mail.aussiebroadband.com.au[121.200.0.25]:25, delay=1.1, >> delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5 Ok) > It looks like you have "reject_unverified_recipient" in your > smtpd_recipient_restrictions. With relay control implemented in > smtpd_relay_restrictions. > In Postfix 3.5, smtpd_relay_restrictions are implemented *after* > smtpd_recipient_restrictions. In Postfix 3.6, if your compatibility > level is set to 3.6 or higher, or you explicitly set: > smtpd_relay_before_recipient_restrictions = yes > the these are evaluated as documented and expected, rather than > in backwards-compatible safety-net order. Thank you, Viktor. Yes, I do have it configured as you say. I suspect that's a carry-over from an old pfSense package config I used as the basis for my first postfix server. As I don't have any known email problems at present, I'll wait for 3.6 to hit the FreeBSD ports. I did just realised, though, that I still have compatibility_level set as "2" and don't remember why. Worth looking into. Cheers, Phil
