On Thu, Dec 01, 2022 at 02:38:49PM -0500, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Thu, Dec 01, 2022 at 11:32:01AM -0500, Jonathan Capra wrote: > > > However what I'm doing is having the primary server extract valid > > addresses (mailboxes and aliases) from MySQL, compile them into postfix > > format (<em...@domain.tld><tab>OK), and then rsync it over the the > > secondary in the form of /etc/postfix/relay_recipients twice a day. > > > > Two minutes later, on the secondary side, it moves it to /etc/postfix, and > > runs postmap on the file to create /etc/postfix/relay_recipient_maps.db. > > It then restarts postfix. > > You DO NOT need to restart Postfix when the table changes. Just use > the safe table update instructions and leave Postfix as-is. > > https://www.postfix.org/DATABASE_README.html#safe_db > > > relay_recipient_maps = hash:/etc/postfix/relay_recipients > > > > relay_domains = <domain.tld>,<domain.tld>,...<domain.tld> > > > > However when I telnet to port 25, I feed it this, it accepts it just > > fine still, and forces my primary to generate a bounceback: > > > > # telnet caduceus.wtfayla.net 25 > > 220 caduceus.wtfayla.net ESMTP Postfix (Debian/GNU) > > helo fongaboo.com > > 250 caduceus.wtfayla.net > > mail from: jcapra@<workemail>.com > > 250 2.1.0 Ok > > rcpt to: nonexistentaddr...@fongaboo.com > > 250 2.1.5 Ok > > data > > 354 End data with <CR><LF>.<CR><LF> > > this should not exist > > . > > 250 2.0.0 Ok: queued as 32F272E41F6 > > Either "relay_recipient_maps" is not configured as you report, the > domain is not a relay_domain (perhaps it is also listed in > mydestination? ...) or your virtual(5) aliases or canonical(5) maps have > wildcard entries for that recipient domain. > > > # See /usr/share/postfix/main.cf.dist for a commented, more complete version > > > > # Debian specific: Specifying a file name will cause the first > > # line of that file to be used as the name. The Debian default > > # is /etc/mailname. > > #myorigin = /etc/mailname > > [...] > > Valiant effort, but the correct way to report your configuration is > to include the verbatim outputs (no changes in whitespace, ...) of > > $ postconf -nf > $ postconf -Mf > > See https://www.postfix.org/DEBUG_README.html#mail > > -- > Viktor. The parameter smtpd_relay_restrictions was set twice in main.cf. You should decide which one you want, and delete the other (or combine what you want into a single version). The postconf -nf command shown above would just output the one that Postfix ends up using, which might or might not be the one you think it is using. This might matter, but probably not. The second, more detailed one, will override the first one. But note that only the first (unused) one contains permit_sasl_authenticated, so SASL-authenticated connections will be subject to all the checks in the second smtpd_relay_restrictions. But I don't think this is causing your problem. cheers, raf
