On Sun, Mar 26, 2023 at 02:53:42PM -0700, Doug Hardie wrote: > > inline:{{digitalinsight.firefightersfirstcreditunion.org = > > permit_auth_destination}} > > or > > > > inline:{digitalinsight.firefightersfirstcreditunion.org=permit_auth_destination} > > > > Per the documentation: > > > > http://www.postfix.org/DATABASE_README.html > > > > "inline:{ key=value, { key = text with whitespace or comma }} > > > I found the = didn't work.
This is sadly without any configuration or error message details. So not actionable. The suggested inline:{{key = value}} replacement will work if implemented correctly. # Best to rename to "incoimg_recipient_restrictions", here, and in master.cf. incoming_smtpd_restrictions = check_policy_service inet:127.0.0.1:10040, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_sender_access inline:{ {digitalinsight.firefightersfirstcreditunion.org = permit_auth_destination} }, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, check_recipient_access hash:/usr/local/etc/postfix/tempfail, reject_unauth_destination, reject_unlisted_recipient reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, permit > So I tried the example in the access(5) man page. What example? > smtpd pass - - n - 50 smtpd > -o smtpd_recipient_restrictions=$incoming_smtpd_restrictions > > incoming_smtpd_restrictions = > check_policy_service inet:127.0.0.1:10040, > reject_invalid_hostname, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > check_sender_access hash:/usr/local/etc/postfix/access > reject_unknown_sender_domain, This will reject the domain. > reject_unknown_recipient_domain, > reject_unauth_pipelining, > permit_mynetworks, > check_recipient_access hash:/usr/local/etc/postfix/tempfail, > reject_unauth_destination, > reject_unlisted_recipient > reject_rbl_client bl.spamcop.net, > reject_rbl_client b.barracudacentral.org, > reject_rbl_client zen.spamhaus.org, > permit > > the contents of access: > > # Firefighters CU has missing DNS > 156.55.193.213 OK That's not a sender [email] address. Also the "RHS" is too permissive, you probably want (just in case) not "OK" but "permit_auth_destination" (though your "smtpd_relay_restrictions" may keep you out of trouble, best to be sure). Perhaps you meant to instead use: check_client_access hash:/usr/local/etc/postfix/access -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org