On Fri, Jan 16, 2009 at 09:45:15PM +0100, mouss wrote:
> Jeff Weinberger a ?crit :
> >
> [snip]> I now have it working, as far as I can tell, as I want. The goal
> was to
> > have a submission service that forces authentication and requires that
> > authenticated users only send from addresses they own.
> >
> > So I now have:
> >
> > submission inet n - n - - smtpd
> > -o smtpd_tls_security_level=encrypt
> > -o smtpd_sasl_auth_enable=yes
> > -o smtpd_client_restrictions=
> > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> > -o
> > smtpd_sender_restrictions=$587_master_sender_restrictions,reject_sender_login_mismatch,permit_sasl_authenticated,reject
>
> it would be better to move the "reject_sender..." part to main.cf (in
> 587_master_sender_restrictions). since you are already using this custom
> variable, go ahead and use it fully.
Also no need to duplicate "permit_sasl_authenticated, reject" also in the
sender restrictions. It is already present in the recipient restrictions.
Also be consistent in the use of main.cf vs. master.cf:
master.cf:
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_recipient_restrictions=$submission_recipieent_restrictions
-o smtpd_sender_restrictions=$submission_sender_restrictions
main.cf:
submission_sender_restrictions =
... whatever is in $587_master_sender_restrictions ...
reject_sender_login_mismatch
submission_recipient_restrictions =
permit_sasl_authenticated,
reject
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
