On 4/29/2016 2:02 AM, Alice Wonder wrote:
> submission inet n - n - - smtpd
> -o syslog_name=postfix/submission
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_reject_unlisted_recipient=no
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o
> smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination
> -o milter_macro_daemon_name=ORIGINATING
>
> -=-=-
>
> The goal:
>
> Set up a postfix server that exists solely to relay blog
> notifications from a different host.
>
> I want it to use port 587 for this so that anything sent to port 25
> can just be blocked.
>
> I want it to only relay connections from hosts specified in mynetworks
>
> I want it to require authentication
>
> The from address will vary by which blog is connecting to send
> notifications, I don't want it to care about the from address.
If you intend to require BOTH mynetworks AND auth, you'll need
something like:
(reject not-mynetworks)
-o smtpd_client_restrictions=permit_mynetworks,reject
(reject not-auth)
-o smtpd_recipient_restrictions=permit_sasl_sasl_authenticated,reject
The other stuff is OK.
-- Noel Jones
