On 13-Mar-2009, at 10:49, Bill Cole wrote:
Hi Bill! Postfix is a little more complicated than SIMS, isn't it :)
If you have a good port 587 config in master.cf, you may need no
changes there. My submission entry for a server that accepts no port
25 submission from outside the LAN is:
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/submit
-o smtpd_milters=
(If your main.cf doesn't define smtpd_milters, the last line is
unnecessary)
That's nice to see. My master.cf is quite old, and the submission
port info is... lemme look
Oh, my
587 inet n - n - - smtpd
That's it. Lemme at least change that.
Forcing users into submission (or however you want to phrase
that...) is really a main.cf issue, and depending on your network
and users it may be more a matter of encouragement than force. Any
measure you have in place in main.cf smtpd_*_restrictions entries
solely in order to permit your users' initial submissions should be
removed from there and instead be in the smtpd_*_restrictions
definitions in the submission entry in master.cf.
I wish more clients were like Mail.app in this respect, its default is
to try 25, 465, and 587, so if all my users were using Mail.app, I
could just switch things and it would 'do the right thing'.
The generalized rule is that main.cf defines a baseline set of
definitions, while the -o entries in the master.cf entry for a
service replaces definitions as needed. For example, I define my
smtpd_sasl_* settings in main.cf because that way they don't clutter
master.cf, and without permit_sasl_authenticated in main.cf, those
settings are operationally irrelevant to the port 25 smtpd.
--
Charlie don't surf!