Relay Restrictions

smtpd_relay_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destinations

This parameter is one of the most important security mechanisms in Postfix because it prevents the server from being abused as an open relay.

smtpd_relay_restrictions defines the access control rules for SMTP relay requests in Postfix. It determines which clients are allowed to relay emails through the server to external domains.

This configuration:

  • Allows relaying only for:

    • permit_mynetworks: Trusted networks defined in mynetworks.

    • permit_sasl_authenticated: Authenticated SMTP users (reserved for future compatibility).

  • Avoids open relay or relay to other domains:

    reject_unauth_destinations: Blocks unauthorized relay attempts or destinations.