Hello Viktor,
Thanks for your quick answer! See my inline response:
Op 25-01-2024 om 20:40 schreef Viktor Dukhovni via Postfix-users:
On Thu, Jan 25, 2024 at 08:31:44PM +0100, Paul van der Vlis via Postfix-users
wrote:
Hello,
Since over 20 years I use Postfix, but some things I don't understand...
I want different rules for mail what comes through submission(s) and what
comes from other mailservers using port 25. What is the correct way to do
that?
From the stock master.cf file (see also the master(5) manpage and/or
<https://www.postfix.org/master.5.html>):
# Choose one: enable submission for loopback clients only, or for any
client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
Normally I've removed the # before submission.
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any
client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
And here too.
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
I understand what you mean. But what is after this?
Are then the lines in main.cf used, like smtpd_relay_restrictions or
smtpd_milters?
And where is the point that the mail is accepted?
E.g. I don't want a check on blacklists on the submission ports.
And I don't want authentication on port 25.
And what about milters, how can I configure them so that they are only used
for e.g. SMTP on port 25?
I have, for example:
submission inet n - n - - smtpd
-o smtpd_milters=
-o smtpd_sasl_auth_enable=yes
...
This is interesting for me, I would expect such lines here. But in the
examples they are not there. And maybe end with "-o permit" ?
with a non-empty set of milters (default, so simply ommitted
smtpd_sasl_auth_enable=no) in main.cf
Welcome to master.cf overrides, congratulations on managing to get by
without them for 20 years.
;-)
And what about lines for port 25. Better to put them in master.cf?
What's left for main.cf then? Only the mail from localhost?
Or is "smtpd_relay_restrictions =" not used for incoming mail from
submission(s)?
With regards,
Paul.
--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
