On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote:
> >> If your have smtpd_sasl_auth_enable=yes for your services on port
> >> 587 (submission) and port 465 (smtps or submissions), then you can
> >> remove it from master.cf when all your AUTH users are not using
> >> the port 25 service.
> >
> > Nit: Wietse meant to say: "from main.cf", not "from master.cf".
> >
>
> It outputs only this info:
>
> # postconf -P '*/inet/smtpd_sasl_auth_enable'
> postconf: warning: unmatched request: "*/inet/smtpd_sasl_auth_enable"
That's because you don't have the required explicit settings in
master.cf. You'll first need to add these. Below my signature
you'll find the commented-out stock definitions of the "submission"
(port 587) and "submissions" (port 465) services from the "master.cf"
file included with the Postfix source code. You should find a copy
on your system named "master.cf.proto":
$ ls $(postconf -xh meta_directory)/master.cf.proto
/usr/local/etc/postfix/master.cf.proto
Note the lines:
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
You'll need to merge these (suitably indented with whitespace) into your
master.cf. One way to do that is (as "root", and assuming your services
are using the same port "names", and not port numbers or IP:port):
# postconf -P \
submission/inet/smtpd_sasl_auth_enable=yes \
submission/inet/smtpd_tls_auth_only=yes \
submissions/inet/smtpd_sasl_auth_enable=yes \
submissions/inet/smtpd_tls_auth_only=yes
You can replace the "names" (optional IP + port name or number) with
whatever you actually have for submission in your master.cf file.
Try make it as close as reasonably possible to the stock defintions, but
don't cargo-cult settings you don't understand. Any changes you apply
need to make sense for your system.
--
Viktor.
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
