R.Smits wrote:
> I have a complex isue over here.
>
> Top level domain : domain.org (MX=mailserver.domain.org)
> Subdomain 1 : monkey.domain.org (MX=mailserver.domain.org)
> Subdomain 2 : bird.domain.org (MX=mailserver.bird.domain.org)
>
> For the monkey domain I use virtual_maps. Works great
> The bird domain is a relay domain.
> (We relay all email to mailserver.bird.domain.org.
>
> When I try to send an email to user@pc1.monkey.domain.org
> --------
> I get "Relay access denied"
>
> If I put the : pc1.monkey.domain.org in the relays file, as specified in
> the main.cf , I can send an email to this address. No problem so far.
> (pc1.monkey.domain.org OK)
>
> Same story for the bird domain.
>
> But, if the bird.domain.org is an relay domain, and has his own MX
> record , to an email server on our campus, our corp mailserver also
> accepts email for : pc1@bird.domain.org
>
> This I understand : aaccxv@bird.domain.org (Is accepted, because we
> relay to this domain)
>
> This I don't understand : aaccxv@pc1.bird.domain.org (Is accepted, but
> WHY ?)
>
> If I put the host : pc1.bird.domain.org in a
> smtpd_recipient_restrictions file, with this content:
>
> pc1.bird.domain.org 550 5.1.2 System cannot receive mail
>
> We can block the spam, to this address, But I still think it's weird.
>
> Greetings... R.Smits

I suspect that what you might be seeing is the effect of the
"parent_domain_matches_subdomains" setting.

$ postconf parent_domain_matches_subdomains
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,
mynetworks,permit_mx_backup_networks,
qmqpd_authorized_clients,relay_domains,
smtpd_access_maps

Try something like this in the restrictions file:

..bird.domain.org 550 5.1.2 Invalid domain name

--
Greg