On 4/29/2016 2:02 AM, Alice Wonder wrote: > submission inet n - n - - smtpd > -o syslog_name=postfix/submission > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_reject_unlisted_recipient=no > -o smtpd_client_restrictions=permit_mynetworks,reject > -o > smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination > -o milter_macro_daemon_name=ORIGINATING > > -=-=- > > The goal: > > Set up a postfix server that exists solely to relay blog > notifications from a different host. > > I want it to use port 587 for this so that anything sent to port 25 > can just be blocked. > > I want it to only relay connections from hosts specified in mynetworks > > I want it to require authentication > > The from address will vary by which blog is connecting to send > notifications, I don't want it to care about the from address.
If you intend to require BOTH mynetworks AND auth, you'll need something like: (reject not-mynetworks) -o smtpd_client_restrictions=permit_mynetworks,reject (reject not-auth) -o smtpd_recipient_restrictions=permit_sasl_sasl_authenticated,reject The other stuff is OK. -- Noel Jones