MPP and Beyond

We have seen an issue that I want to raise, as others may accidentally run into this. It is important that if you use the MPP Postfix Policy Server that check_policy_service be the last restriction to check before “permit”.

check_policy_service, permit_mynetworks, reject_unauth_destination

Will result in an open relay condition because the restrictions are processed in order, and when they are matched subsequent restrictions aren’t checked.