At 11:47 pm +0100 2004/11/04, Hochstrasser Benedikt wrote:
>Giuliano Gavazzi wrote:
[...]
>well, it should have immediately replied with a "550 relay not
>permitted", or equivalent, and this should have not involved any
>routers (except for checking the MAIL FROM:) as the source is
>certainly not a host you relay from and myhostname.company.org is not
>a local_domain (since you have NO local domains!) or a
>relay_to_domain. So, why did your box try to route the email in the
>first place?
><<<
>
>Now that is a good question. :)
>The reason is that I have an acl like
>
>deny message = unrouteable address
> !verify = recipient
>
>and this verification is calling the routers and finds out that the
>domain in question is the local host. So the domainlist router is
>called during an ACL test and not during the delivery.
>
>If I remove that ACL then (thanks tho the final catch-all) it indeed
>fails with "relaying not allowed".
yes, but the acl above is incomplete. It should also say:
domains = +relay_to_domains
so that if it is not an address in a domain you relay to, it goes to
the final deny catch-all.
Giuliano