Re: smtpd_relay_restrictions, non-production version
- Wietse Venema:
> I've uploaded a non-production release with smtpd_relay_restrictionsI have uploaded postfix-2.10-20121001-nonprod.
> support. For a preview of the documentation, see:
> This being a critical feature, I have put in multiple safety nets
> to ensure compatibility for sites that upgrade. The text below is
> taken from the RELEASE_NOTES file.
This updates the remainder of the documentation, and adds a new
"defer_unauth_destination" feature, to improve the error message
from the "forward compatibility" safety net.
[text from RELEASE_NOTES]
This version introduces the smtpd_relay_restrictions feature
for mail relay control. The built-in default value is:
With Postfix versions before 2.10, the rules for relay permission
and spam blocking were often intermingled under
smtpd_recipient_restrictions, resulting in error-prone configuration.
As of Postfix 2.10, relay permission rules are preferably implemented
with smtpd_relay_restrictions, so that a permissive spam blocking
policy under smtpd_recipient_restrictions will no longer result in
a permissive mail relay policy.
As usual, this new feature is introduced with safety nets to prevent
surprises when a site upgrades from an earlier Postfix release.
1 - FORWARD COMPATIBILITY SAFETY NET: the Postfix installation
procedure adds an explicit smtpd_relay_restrictions entry to
main.cf when there is none:
If your site has a complex mail relay policy configured under
smtpd_recipient_restrictions, this safety net will defer mail
that the built-in smtpd_relay_restrictions setting would bounce.
To fix, either set smtpd_relay_restrictions empty, or copy the
relay authorization policy from smtpd_recipient_restrictions
Otherwise, setting smtpd_relay_restrictions by hand to the
default policy will suffice.
2 - BACKWARDS COMPATIBILITY SAFETY NET: sites that migrate from
Postfix versions before 2.10 can set smtpd_relay_restrictions
to the empty value, and use smtpd_recipient_restrictions exactly
as they used it before.