On Mon, Jan 13, 2020 at 06:25:27PM +0100, Simon B wrote:
> > > >> >Since upgrading to 2.11 yesterday (yes, I am on a path to move up
> > > >> >through debian versions), all mail coming in on
> > > >> >postfix/submission/smtpd is being rejected by the domain check in that
> > > >> >file, even though the user is sasl authenticated.
Note, Postfix 2.11 (actually 2.10 IIRC) adds "smtpd_relay_restrictions",
which you don't override in the submission service definition:
> submission inet n - n - - smtpd
> -o syslog_name=postfix/submission
> -o smtpd_delay_reject=yes
> # -o receive_override_options=no_address_mappings
> -o always_add_missing_headers=yes
> -o content_filter=dksign:[127.0.0.1]:10028
> -o smtpd_enforce_tls=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_tls_security_level=encrypt
> -o smtpd_tls_auth_only=yes
> -o
> smtpd_recipient_restrictions=reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
But you also don't override, "smtpd_helo_restrictions", ...
The boilerplate commented submission service in recent upstream Postfix
master.cf files reads:
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
Yours should look substantially similar (sans comments):
--
Viktor.
