Re: smtpd_relay_restrictions, non-production version

  • Wietse Venema
    Message 1 of 2 , Oct 1, 2012
      Wietse Venema:
      > I've uploaded a non-production release with smtpd_relay_restrictions
      > support. For a preview of the documentation, see:
      >
      > http://www.porcupine.org/postfix-mirror/SMTPD_ACCESS_README.html
      > http://www.porcupine.org/postfix-mirror/postconf.5.html#smtpd_relay_restrictions
      > http://www.porcupine.org/postfix-mirror/postconf.5.html#smtpd_recipient_restrictions
      >
      > This being a critical feature, I have put in multiple safety nets
      > to ensure compatibility for sites that upgrade. The text below is
      > taken from the RELEASE_NOTES file.

      I have uploaded postfix-2.10-20121001-nonprod.

      This updates the remainder of the documentation, and adds a new
      "defer_unauth_destination" feature, to improve the error message
      from the "forward compatibility" safety net.

      Wietse

      [text from RELEASE_NOTES]

      This version introduces the smtpd_relay_restrictions feature
      for mail relay control. The built-in default value is:

      smtpd_relay_restrictions =
          permit_mynetworks
          permit_sasl_authenticated
          reject_unauth_destination

      With Postfix versions before 2.10, the rules for relay permission
      and spam blocking were often intermingled under
      smtpd_recipient_restrictions, resulting in error-prone configuration.

      As of Postfix 2.10, relay permission rules are preferably implemented
      with smtpd_relay_restrictions, so that a permissive spam blocking
      policy under smtpd_recipient_restrictions will no longer result in
      a permissive mail relay policy.

      As usual, this new feature is introduced with safety nets to prevent
      surprises when a site upgrades from an earlier Postfix release.

      1 - FORWARD COMPATIBILITY SAFETY NET: the Postfix installation
      procedure adds an explicit smtpd_relay_restrictions entry to
      main.cf when there is none:

      smtpd_relay_restrictions =
          permit_mynetworks
          permit_sasl_authenticated
          defer_unauth_destination

      If your site has a complex mail relay policy configured under
      smtpd_recipient_restrictions, this safety net will defer mail
      that the built-in smtpd_relay_restrictions setting would bounce.
      To fix, either set smtpd_relay_restrictions empty, or copy the
      relay authorization policy from smtpd_recipient_restrictions
      to smtpd_relay_restrictions.

      Otherwise, setting smtpd_relay_restrictions by hand to the
      default policy will suffice.

      2 - BACKWARDS COMPATIBILITY SAFETY NET: sites that migrate from
      Postfix versions before 2.10 can set smtpd_relay_restrictions
      to the empty value, and use smtpd_recipient_restrictions exactly
      as they used it before.
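
An added example, not part of the original post or of Postfix itself: a small main.cf audit that reports which restriction list decides relay access under the two safety nets described above, and which rules can permit a message before the relay check is reached. The sample configuration, the map path and the RBL name are constructed, and treating every other permit_* or check_* rule as able to return OK is a simplifying assumption.

```python
import re

# Built-in default quoted in the release notes above.
DEFAULT_RELAY = "permit_mynetworks permit_sasl_authenticated reject_unauth_destination"
RELAY_CHECKS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
RELAY_AUTH = {"permit_mynetworks", "permit_sasl_authenticated", "permit_auth_destination"}

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; indented lines continue the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored, even inside a value
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit_relay_policy(text):
    """Report which list decides relay access and what can permit before the check."""
    params = parse_main_cf(text)
    relay = params.get("smtpd_relay_restrictions", DEFAULT_RELAY)
    source = "smtpd_relay_restrictions"
    if not relay.strip():  # empty value: the backwards-compatibility mode
        relay = params.get("smtpd_recipient_restrictions", "")
        source = "smtpd_recipient_restrictions"
    early = []
    for token in re.split(r"[,\s]+", relay.strip()):
        if token in RELAY_CHECKS:
            return {"source": source, "enforced": True, "permits_before_check": early}
        # Heuristic (assumption): any other permit_* or check_* rule may return OK.
        if token not in RELAY_AUTH and token.startswith(("permit", "check_")):
            early.append(token)
    return {"source": source, "enforced": False, "permits_before_check": early}

# Constructed sample: a spam whitelist lookup placed ahead of the relay check.
RECIPIENT = """smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/whitelist
    permit_mynetworks
    reject_unauth_destination
    reject_rbl_client zen.example.org
"""
LEGACY = "smtpd_relay_restrictions =\n" + RECIPIENT
SPLIT = ("smtpd_relay_restrictions =\n    permit_mynetworks\n"
         "    permit_sasl_authenticated\n    defer_unauth_destination\n" + RECIPIENT)
if __name__ == "__main__":
    print(audit_relay_policy(LEGACY), audit_relay_policy(SPLIT), sep="\n")
```

With the empty smtpd_relay_restrictions value the whitelist lookup is reported as able to permit before the relay check; with the forward-compatibility entry in place the same recipient list no longer affects relay access.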