Loading ...
Sorry, an error occurred while loading the content.

Re: smtpd_relay_restrictions in 2.10.0

Expand Messages
  • Reindl Harald
    ... which would kill your server ... if smtpd_relay_restrictions = permit_mynetworks is what you want use it the new default is for instalaltions which did
    Message 1 of 3 , Mar 6 2:19 AM
    • 0 Attachment
      Am 06.03.2013 11:08, schrieb Nikolaos Milas:

      > I had a postfix 2.9.4 and upgraded to 2.10.0 (on CentOS 6.3 x86_64), building an RPM using Simon J. Mudd's SRPM
      > (for v2.9.x). During installation, I got:
      >
      > warning: /etc/postfix/main.cf created as /etc/postfix/main.cf.rpmnew
      > warning: /etc/postfix/master.cf created as /etc/postfix/master.cf.rpmnew
      > COMPATIBILITY: editing /etc/postfix/main.cf, overriding
      > smtpd_relay_restrictions to prevent inbound mail from unexpectedly
      > bouncing. Specify an empty smtpd_relay_restrictions value to keep
      > using smtpd_recipient_restrictions as before.
      >
      > So, I thought I should set: "smtpd_relay_restrictions = "

      which would kill your server

      > but I already have:
      >
      > smtpd_relay_restrictions = permit_mynetworks
      > permit_sasl_authenticated defer_unauth_destination
      >
      > So, is there something I should do? (Updated Postfix seems to be working fine.)

      if "smtpd_relay_restrictions = permit_mynetworks" is what you want use it
      the new default is for instalaltions which did not set it at all and
      especially for completly new setups to minimize the danger of a open
      relay more as before
    • Noel Jones
      ... Hash: SHA1 ... Kill seems the wrong word here. This is, in fact, one of the recommended choices for backward compatibility. This disables the new
      Message 2 of 3 , Mar 6 4:36 AM
      • 0 Attachment
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        On 3/6/2013 4:19 AM, Reindl Harald wrote:
        >
        >
        > Am 06.03.2013 11:08, schrieb Nikolaos Milas:
        >
        >> I had a postfix 2.9.4 and upgraded to 2.10.0 (on CentOS 6.3
        >> x86_64), building an RPM using Simon J. Mudd's SRPM (for
        >> v2.9.x). During installation, I got:
        >>
        >> warning: /etc/postfix/main.cf created as
        >> /etc/postfix/main.cf.rpmnew warning: /etc/postfix/master.cf
        >> created as /etc/postfix/master.cf.rpmnew COMPATIBILITY:
        >> editing /etc/postfix/main.cf, overriding
        >> smtpd_relay_restrictions to prevent inbound mail from
        >> unexpectedly bouncing. Specify an empty
        >> smtpd_relay_restrictions value to keep using
        >> smtpd_recipient_restrictions as before.
        >>
        >> So, I thought I should set: "smtpd_relay_restrictions = "
        >
        > which would kill your server

        Kill seems the wrong word here.

        This is, in fact, one of the recommended choices for backward
        compatibility. This disables the new smtpd_relay_restrictions
        feature and causes postfix to behave exactly as before. Setting
        "smtpd_relay_restrictions = " is very unlikely to break an
        existing, working installation, but you lose the benefit of the
        new feature.

        See RELEASE_NOTES for details.

        >
        >> but I already have:
        >>
        >> smtpd_relay_restrictions = permit_mynetworks
        >> permit_sasl_authenticated defer_unauth_destination

        This is the safety net added by the postfix upgrade procedure.
        See RELEASE_NOTES for details.


        >>
        >> So, is there something I should do? (Updated Postfix seems to
        >> be working fine.)


        If you have a "standard" setup, change the above
        defer_unauth_destination to reject_unauth_destination. If you
        have a complex relay policy already defined in
        smtpd_recipient_restrictions, then set smtpd_relay_restrictions
        empty. See RELEASE_NOTES for details.



        -- Noel Jones
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v2.0.17 (MingW32)
        Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

        iQEcBAEBAgAGBQJRNzhGAAoJEJGRUHb5Oh6g19IIAJY4rARiNqF1MTf33Vxb+mp6
        PiIN4tYiAUsdgt4Digh7fptohMa3G2OpLkHd+wTlzpuB75lSvN3OIXdT1KZjQhCT
        EEk8jxDZG8uYi8lEuoT89w6sebyhbWlT95+T+8dcpj3DUxqgTG8jsNtmz41hHjjb
        UG6IC6PmOXemtdhCVqSaLNymBVDPpdfbeSEeEkyR3B2MF5qaZoIRWwWkpQtb6Wwl
        TBzTBgFt1EBQ7AtN1IrBTU8XizAKlXeQZK7BB8j0cPG+Amsf76cnoKOv+vEEpoot
        /Rc/3rMO+01Wmrua1NcAIycL2vkcWCChqSvnj0akA2JH5ECOkiuAsmriSYfKFLQ=
        =gOiV
        -----END PGP SIGNATURE-----
      Your message has been successfully submitted and would be delivered to recipients shortly.