sieve redirect to foreign email gets “Relay access denied”

Reindl Harald h.reindl at thelounge.net
Tue Sep 23 10:31:46 UTC 2014 


Am 23.09.2014 um 12:08 schrieb Urban Loesch:
> I'm not shure, but could it be that you are missing "permit_mynetworks" in "smtpd_recipient_restrictions"?

likely

* smtpd_sender_restrictions
* smtpd_data_restrictions
* smtpd_helo_restrictions
* smtpd_recipient_restrictions

it is in general a bad idea to use all 4 of them
how do you know the exact order

http://www.postfix.org/postconf.5.html#smtpd_delay_reject
default on, so you can put anything in "smtpd_recipient_restrictions"
and avoid unpredictable results - below an example how all of them
live in "smtpd_recipient_restrictions"

the point is postfix is working from top to bottom
you only need to take care to skip restrictions applied
to inbound mail but not in the local network and for
authenticated users while some rules are on top and
are explicitly for submission users

no reason for that: smtpd_data_restrictions = reject_unauth_pipelining

smtpd_recipient_restrictions = permit_mynetworks
 reject_non_fqdn_recipient
 reject_non_fqdn_sender
 reject_unlisted_sender
 reject_authenticated_sender_login_mismatch
 permit_sasl_authenticated
 reject_non_fqdn_helo_hostname
 reject_invalid_helo_hostname
 reject_unauth_destination
 reject_unauth_pipelining
 reject_unknown_sender_domain
 reject_unknown_recipient_domain
 check_recipient_access proxy:hash:/etc/postfix/blacklist_rcpt.cf
 check_recipient_access proxy:hash:/etc/postfix/whitelist_rcpt.cf
 check_sender_access proxy:hash:/etc/postfix/whitelist_sender.cf
 check_sender_access proxy:hash:/etc/postfix/blacklist_sender.cf
 check_sender_access proxy:hash:/etc/postfix/spoofing_protection.cf
 check_helo_access proxy:regexp:/etc/postfix/blacklist_helo.cf
 check_reverse_client_hostname_access proxy:regexp:/etc/postfix/blacklist_generic_ptr.cf
 check_policy_service unix:private/spf-policy
 check_recipient_access proxy:hash:/etc/postfix/skip_rcpt_verification.cf
 reject_unverified_recipient

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140923/bca8fe78/attachment.sig>

More information about the dovecot mailing list