On 1/17/2013 3:56 PM, Quanah Gibson-Mount wrote:
> --On Wednesday, January 09, 2013 10:53 AM -0800 Quanah Gibson-Mount
> <[email protected]> wrote:
>
>>> Submission and "smtps" perform essentially the same function, and
>>> should get identical settings, with the obvious addition of tls
>>> wrappermode for smtps.
>>
>> Perfect, thank you very much!
>
> Ok, I've modified my master.cf for the smtpd daemons to the
> following. Does it appear in general, more sane?
>
> smtp inet n - n - - smtpd
> -o content_filter=scan:[127.0.0.1]:10029
> 465 inet n - n - - smtpd
> -o content_filter=scan:[127.0.0.1]:10029
> -o smtpd_tls_wrappermode=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=
> -o smtpd_data_restrictions=
> -o smtpd_end_of_data_restrictions=
> -o smtpd_helo_restrictions=
> -o smtpd_recipient_restrictions=
> -o smtpd_relay_restrictions=
I don't think postfix will start (or at least won't start this
service) with both smtpd_recipient_restricions and
smtpd_relay_restrictions set empty.
For submission/smtps, one of these needs to be set eg.
smtpd_relay_restrictions=permit_sasl_authenticated,reject
It's also customary to set
-o milter_macro_daemon_name=ORIGINATING
in case a milter gets put in the loop,
and I find it very useful to set the syslog name
-o syslog_name=postfix/smtps
(similar for postfix/submission).
-- Noel Jones
