Ramūnas Vabolis wrote:
Hello there,
I'm administrating pretty low volume mail server. The system is Debian etch
with postfix 2.3.8.
I'm trying to setup it that sasl_authed users would skip filter. I've
skimmed through discussions and
found a very similar problem and solution for after filtering:
-----------------------------------
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
XXX
At the point where it says XXX we would like to say something like
"filter smtp:127.0.0.1:10024" but Postfix doesn't work that way, so
you need a little access map that always matches:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
pcre:/etc/postfix/access.pcre
/etc/postfix/access.pcre:
/./ filter smtp:127.0.0.1:10024
------------------------------------
Since it's before filtering, all options are in master.cf file and I just
can't figure it out how to translate these settings.
My master.cf entry for now is:
84.15.44.221:smtp inet n - - - 20
smtpd
# -o
smtp_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_
unauth_destination,pcre:/etc/postfix/access.pcre
-o smtpd_proxy_filter=127.0.0.1:10024
-o smtpd_client_connection_count_limit=10
Is there any way to translate settings for after filter from main.cf to
before filter in master.cf?
The connection to the smtpd_proxy_filter is opened as soon as
the client connects. You cannot pick different before queue
filters.
The best solution is to have your authenticated users submit
mail on the "submission" port 587 (that's what it's for) and
disable smtpd_proxy_filter on that port.
Yes, this requires a setting change on the client, but the
additional benefit is that their mail is far less likely to be
blocked by their ISP.
--
Noel Jones
