Jorey Bump wrote:
LuKreme wrote, at 03/13/2009 04:26 PM:
On 13-Mar-2009, at 10:49, Bill Cole wrote:

If you have a good port 587 config in master.cf, you may need no
changes there. My submission entry for a server that accepts no port
25 submission from outside the LAN is:

submission    inet    n    -    n    -    -    smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o syslog_name=postfix/submit
  -o smtpd_milters=

(If your main.cf doesn't define smtpd_milters, the last line is
unnecessary)

That's nice to see.  My master.cf is quite old, and the submission port
info is... lemme look

Oh, my

587       inet  n       -       n       -       -       smtpd


That's it. Lemme at least change that.

Here's an example for a recent Postfix:

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

One point of clarification for others who may get tripped up by the subtle difference between these two examples. In Bill's version, smtpd_recipient_restrictions contains permit_sasl_authenticated, whereas the latter is set in Jorey's smtpd_client_restrictions. I believe one needs to permit_sasl in recipient_restrictions; at least in the context of this thread, where it is suggested that "you remove permit_mynetworks & permit_sasl_authenticated from your smtpd_*_restrictions in main.cf". Otherwise SASL authenticated clients will be unable to relay (probably blocked by reject_unauth_destination at RCPT TO).

--
Sahil Tandon <[email protected]>
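
The difference between the two submission entries in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified model of how each smtpd_*_restrictions list is evaluated on its own for a SASL-authenticated client relaying to a remote domain. The main.cf values are a constructed assumption (the permit_* entries removed, reject_unauth_destination left), and only the client and recipient lists are modelled.

```python
# Added example: simplified model of Postfix restriction-list evaluation.
# MAIN_CF is a constructed sample (assumption): main.cf after permit_mynetworks
# and permit_sasl_authenticated were removed, as the thread suggests.
MAIN_CF = {"smtpd_client_restrictions": "",
           "smtpd_recipient_restrictions": "reject_unauth_destination"}

BILL = """submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
JOREY = """submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def overrides(master_cf, service="submission"):
    """Collect the -o name=value overrides of one master.cf service entry."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            entries.append(line.strip())
    for fields in (e.split() for e in entries):
        if fields[0] == service:
            return dict(fields[i + 1].split("=", 1)
                        for i, f in enumerate(fields[:-1]) if f == "-o")
    return {}

def evaluate(restrictions, authenticated):
    """Verdict of ONE list for a RCPT TO a remote domain: permit, reject or dunno."""
    for r in restrictions.replace(",", " ").split():
        if r == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if r in ("reject", "reject_unauth_destination"):
            return "reject"
        if r == "permit":
            return "permit"
    return "dunno"

def relay_result(master_cf, authenticated=True, main_cf=MAIN_CF):
    """A permit ends only its own list; a reject in any list refuses the recipient."""
    cfg = {**main_cf, **overrides(master_cf)}
    for stage in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        if evaluate(cfg.get(stage, ""), authenticated) == "reject":
            return "reject at " + stage
    return "accept"
```

Under the assumed main.cf, relay_result(BILL) accepts the authenticated client while relay_result(JOREY) is refused at the recipient stage; on a real server, `postconf -n` and `postconf -M` show the values that actually apply.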
