>> So I should specify smtpd_client_restrictions or
>> smtpd_recipient_restrictions, but not both?
>>
>
> I think most people find it easier to put all of the restrictions under
> smtpd_recipient_restrictions, since you can just read them top-to-bottom
> with smtpd_delay_reject = yes (the default).
>
> But no, you probably wouldn't need it in both places unless you had some
> default restrictions you wanted to override in both places.
I've boiled my config down to this. It is functional and I think it
is secure and that it rejects any attempt to send messages from
outside mynetworks unless authenticated. Am I correct? Please
consider all other directives to be default.
master.cf:
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
main.cf:
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
permit
- Grant
