Q: Server 5.1.5 has incorrect postfix main.cf file

All,

After some puzzlement and some hard-earned technical consideration, OS X Server 5.1.x and later implementers (the current version independent Server bundle) have a new challenge to take into consideration.  I’m posting this so that people googling/searching later might skip this painful step and/or have it added to future documentation.  This came up during an implementation of GNU mailman to run a listserv on an OS X Server, so any application running on an OS X Server with expectations to utilize postfix as a local mail relay will be impacted.

As configured today, a current mailman implementation running locally would face some version of this relay error in the mail.log:

postfix/smtpd[53192]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <user@foreigndomain.tld>: Relay access denied; from=<testinglist-bounces@localdomain.tld> to=<user@foreigndomain.tld> proto=ESMTP helo=<server.localdomain.tld>

Earlier versions of Server shipped with pre-2.10 versions of postfix (10.9.x, for example, runs 2.9.4 today).  However, with 5.1.x, Apple now implements 2.11, though it has not updated the configuration file to cope with the transition from the former smtpd_recipient_restrictions to the post-2.10 smptd_relay_restrictions parameter.  As most people are going to look at smtpd_client_restrictions and mynetworks to diagnose and not notice that the deprecated parameter is still there in lieu of the current hotness, there may be hours of frustration trying to diagnose that the problem lies in a pre-2.10 configuration file used in the current builds.

To correct this, might I suggest postfix main.cf changes:

 

# smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination permit

 

 

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination