Relay Restrictions
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destinations
This parameter is one of the most important security mechanisms in Postfix because it prevents the server from being abused as an open relay.
smtpd_relay_restrictions defines the access control rules for SMTP relay requests in Postfix. It determines which clients are allowed to relay emails through the server to external domains.
This configuration:
-
Allows relaying only for:
permit_mynetworks: Trusted networks defined in mynetworks.permit_sasl_authenticated: Authenticated SMTP users (reserved for future compatibility).
-
Avoids open relay or relay to other domains:
reject_unauth_destinations: Blocks unauthorized relay attempts or destinations.