On Thu, Jan 25, 2024 at 08:31:44PM +0100, Paul van der Vlis via Postfix-users wrote: > Hello, > > Since over 20 years I use Postfix, but some things I don't understand... > > I want different rules for mail what comes through submission(s) and what > comes from other mailservers using port 25. What is the correct way to do > that?
>From the stock master.cf file (see also the master(5) manpage and/or <https://www.postfix.org/master.5.html>): # Choose one: enable submission for loopback clients only, or for any client. #127.0.0.1:submission inet n - n - - smtpd #submission inet n - n - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_tls_auth_only=yes # -o local_header_rewrite_clients=static:all # -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd_<xxx>_restrictions here, # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" # here, and specify mua_<xxx>_restrictions in main.cf (where # "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). # -o smtpd_client_restrictions= # -o smtpd_helo_restrictions= # -o smtpd_sender_restrictions= # -o smtpd_relay_restrictions= # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING # Choose one: enable submissions for loopback clients only, or for any client. #127.0.0.1:submissions inet n - n - - smtpd #submissions inet n - n - - smtpd # -o syslog_name=postfix/submissions # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o local_header_rewrite_clients=static:all # -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd_<xxx>_restrictions here, # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" # here, and specify mua_<xxx>_restrictions in main.cf (where # "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). # -o smtpd_client_restrictions= # -o smtpd_helo_restrictions= # -o smtpd_sender_restrictions= # -o smtpd_relay_restrictions= # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING > E.g. I don't want a check on blacklists on the submission ports. > And I don't want authentication on port 25. > > And what about milters, how can I configure them so that they are only used > for e.g. SMTP on port 25? I have, for example: submission inet n - n - - smtpd -o smtpd_milters= -o smtpd_sasl_auth_enable=yes ... with a non-empty set of milters (default, so simply ommitted smtpd_sasl_auth_enable=no) in main.cf Welcome to master.cf overrides, congratulations on managing to get by without them for 20 years. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org