On Wed, Sep 04, 2013 at 01:06:52PM -0700, Quanah Gibson-Mount wrote:
> Previous to Postfix 2.10 and the split between
> smtpd_relay_restrictions and smtpd_recipient_restrictions, our
> policy service check was in smtpd_recipient_restrictions, and
> applied to both incoming and outgoing mail. With 2.10, in my
> efforts to do things correctly, I have left the policy service on
> port 25 with smtpd_recipient_restrictions, but for the submission
> port I have:
>
> -o smtpd_recipient_restrictions=
>
> to strip it out. However, one of the things the policy service
> (cluebringer/cbpolicyd) offers is rate limiting, which some clients
> want to implement on their outgoing email.
>
> Now, I could modify master.cf so it has:
>
> -o smtpd_recipient_restrictions=<policy service bits>
>
> but I was wondering if, for the submission port, there was a
> different recommended method.

To avoid being in a state of sin, you should only put relay control
in smtpd_relay_restrictions. All other controls go elsewhere. Given
the default setting of smtpd_delay_reject, you have many choices.

    smtpd_client_restrictions
    smtpd_helo_restrictions
    smtpd_sender_restrictions
    smtpd_recipient_restrictions

Avoid putting explicit definitions of these in master.cf, instead:

    -o smtpd_client_restrictions=$submission_client_restrictions
    -o smtpd_helo_restrictions=$submission_helo_restrictions
    -o smtpd_sender_restrictions=$submission_sender_restrictions
    -o smtpd_relay_restrictions=$submission_relay_restrictions
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions

and define these in main.cf. Place non-relay controls in any of the four
classes that make most sense to you.

--
Viktor.
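
A small lint for the layout described above, as an added example that is not part of the original message: it flags master.cf restriction overrides that are defined inline instead of referencing a main.cf parameter, and references to parameters that main.cf never defines. The sample files, the policy-service address and the function names are constructed for illustration, and only the simple `-o name=value` form is parsed.

```python
import re

# Constructed sample files, not taken from the thread. The policy-service
# address (127.0.0.1:10031) and the restriction lists are assumptions.
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_client_restrictions=$submission_client_restrictions
  -o smtpd_relay_restrictions=$submission_relay_restrictions
  -o smtpd_sender_restrictions=$submission_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
MAIN_CF = """\
submission_client_restrictions =
submission_relay_restrictions = permit_sasl_authenticated, reject
submission_recipient_restrictions =
    check_policy_service inet:127.0.0.1:10031
"""

PARAM_REF = re.compile(r"^\$\{?(\w+)\}?$")  # matches $name or ${name}

def main_cf_params(text):
    """Return the set of parameter names defined in main.cf text."""
    names = set()
    for line in text.splitlines():
        # Definitions start in column 0; indented lines continue the previous one.
        if line and not line[0].isspace() and not line.startswith("#") and "=" in line:
            names.add(line.split("=", 1)[0].strip())
    return names

def lint_master_cf(master_text, main_text):
    """Return (service, parameter, problem) for each restriction override that
    is defined inline or points at a parameter main.cf does not define."""
    defined = main_cf_params(main_text)
    findings, service = [], None
    for line in master_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            service = line.split()[0]  # an unindented line starts a new service entry
        for name, value in re.findall(r"-o\s+(smtpd_\w+_restrictions)=(\S*)", line):
            ref = PARAM_REF.match(value)
            if ref is None:
                findings.append((service, name, "inline definition"))
            elif ref.group(1) not in defined:
                findings.append((service, name, "undefined in main.cf"))
    return findings
```

On the constructed sample, `lint_master_cf(MASTER_CF, MAIN_CF)` reports the undefined `$submission_sender_restrictions` reference and the inline recipient restriction list on the submission service.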