Am 23.09.2014 um 12:08 schrieb Urban Loesch:
I'm not shure, but could it be that you are missing "permit_mynetworks" in "smtpd_recipient_restrictions"?
likely
- smtpd_sender_restrictions
- smtpd_data_restrictions
- smtpd_helo_restrictions
- smtpd_recipient_restrictions
it is in general a bad idea to use all 4 of them how do you know the exact order
http://www.postfix.org/postconf.5.html#smtpd_delay_reject default on, so you can put anything in "smtpd_recipient_restrictions" and avoid unpredictable results - below an example how all of them live in "smtpd_recipient_restrictions"
the point is postfix is working from top to bottom you only need to take care to skip restrictions applied to inbound mail but not in the local network and for authenticated users while some rules are on top and are explicitly for submission users
no reason for that: smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient reject_non_fqdn_sender reject_unlisted_sender reject_authenticated_sender_login_mismatch permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname reject_unauth_destination reject_unauth_pipelining reject_unknown_sender_domain reject_unknown_recipient_domain check_recipient_access proxy:hash:/etc/postfix/blacklist_rcpt.cf check_recipient_access proxy:hash:/etc/postfix/whitelist_rcpt.cf check_sender_access proxy:hash:/etc/postfix/whitelist_sender.cf check_sender_access proxy:hash:/etc/postfix/blacklist_sender.cf check_sender_access proxy:hash:/etc/postfix/spoofing_protection.cf check_helo_access proxy:regexp:/etc/postfix/blacklist_helo.cf check_reverse_client_hostname_access proxy:regexp:/etc/postfix/blacklist_generic_ptr.cf check_policy_service unix:private/spf-policy check_recipient_access proxy:hash:/etc/postfix/skip_rcpt_verification.cf reject_unverified_recipient