In a distant past, the Internet was a friendly environment.
Mail servers happily forwarded mail on behalf of anyone towards
any destination. On today's Internet, spammers abuse servers that
forward mail from arbitrary systems, and abused systems end up on
anti-spammer blacklists. See, for example, the information on
https://www.mail-abuse.org/ and other websites.
By default, Postfix has a moderately restrictive approach to
mail relaying. Postfix forwards mail only from clients in trusted
networks, or to domains that are configured as authorized relay
destinations. For a description of the default policy, see the
smtpd_recipient_restrictions parameter in the
page, and the information that is referenced from there.
Most of the Postfix SMTP server access controls are targeted
at stopping junk email.
Protocol oriented: some SMTP server access controls block
mail by being very strict with respect to the SMTP protocol; these
catch poorly implemented and/or poorly configured junk email
software, as well as email worms that come with their own non-standard
SMTP client implementations. Protocol-oriented access controls
become less useful over time as spammers and worm writers learn to
read RFC documents.
Blacklist oriented: some SMTP server access controls
query blacklists with known to be bad sites such as open mail
relays, open web proxies, and home computers that have been
compromised and that are under remote control by criminals. The
effectiveness of these blacklists depends on how complete and how
up to date they are.
Threshold oriented: some SMTP server access controls attempt
to raise the bar by either making the client do more work (greylisting)
or by asking for a second opinion (SPF and sender/recipient address
verification). The greylisting and SPF policies are implemented
externally, and are the subject of the
Sender/recipient address verification is the subject of the
Unfortunately, all junk mail controls have the possibility of
falsely rejecting legitimate mail. This can be a problem for sites
with many different types of users. For some users it is unacceptable
when any junk email slips through, while for other users the world
comes to an end when a single legitimate email message is blocked.
Because there is no single policy that is "right" for all users,
Postfix supports different SMTP access restrictions for different
users. This is described in the