On 7/12/2018 12:29 PM,
[hidden email] wrote:
> Hello,
>
> I intend to protect some internal email distribution lists in a way,
> which is described here:
>
>
http://www.postfix.org/RESTRICTION_CLASS_README.html>
> I would need to add "check_recipient_access ..." to the parameter
> "smtpd_recipient_restrictions". The actual value of this parameter
> in main.cf is:
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> reject_unauth_destination
>
> "smtpd_relay_restrictions" is not explicitly defined in main.cf. But
> it seems, that it has this default value (output from postconf):
>
> smtpd_relay_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> defer_unauth_destination
>
> It seems to me, that this configuration is somewhat redundant. I
> assume, this would be a better configuration:
>
> smtpd_relay_restrictions =
> permit_mynetworks
> reject_unauth_destination
>
> smtpd_recipient_restrictions =
> check_recipient_access hash:/etc/postfix/access
>
> Am I right?
>
> Regards,
> Ingo
Yes, your simplified settings are fine.
The reason for the seemingly redundant default settings: before the
invention of smtpd_relay_restrictions all relay restrictions were
expected to be in smtpd_recipient_restrictions. Some people with
complicated recipient spam access controls were inadvertently
creating open relays, so the developers added
smtpd_relay_restrictions as a place dedicated to *only* relay
checks, with a safe default.
http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions -- Noel Jones