On Wed, 21 Oct 2009, johnea wrote:

> OT?: I commented out the: #  -o milter_macro_daemon_name=ORIGINATING
>      since this wasn't a listed value for this parameter in the docs,
>      and I wasn't sure what that line was doing.

If you do not use milters, then you can safely ignore this.

> The main.cf remained unchanged with these restrictions:
> 
> atom# postconf -n | grep _restrictions
> smtpd_helo_restrictions = permit_mynetworks,
>                           reject_non_fqdn_helo_hostname,
>                           reject_invalid_helo_hostname,
>                           reject_unknown_helo_hostname,
>                           permit

You can remove that trailing permit.

> smtpd_recipient_restrictions = permit_sasl_authenticated,
>                                permit_mynetworks,
>                                reject_invalid_hostname,
>                                reject_non_fqdn_hostname,
>                                reject_non_fqdn_sender,
>                                reject_non_fqdn_recipient,
>                                reject_unknown_sender_domain,
>                                reject_unknown_recipient_domain,
>                                reject_unknown_client_hostname,
>                                reject_unauth_destination,
>                                check_policy_service unix:private/policy
> smtpd_sender_restrictions = permit_mynetworks,
>                             reject_unauthenticated_sender_login_mismatch
> 
> 
> Another related but somewhat OT question: Since the users are now migrated
> to exclusively using the submission port; Should I remove the 3
> permit_mynetworks and the permit_sasl_authenticated?

Leave them there, unless you want SASL authenticated clients to be
subject to the reject_foo_bar restrictions that follow.  Remember, since
you only override your main.cf smtpd_(helo|client)_restrictions in
master.cf, all clients (via the submission service or otherwise) are
subject to smtpd_recipient_restrictions. 

> If the permit_* statements are removed, should reject_unauth_destination be
> moved to the top of the smtpd_recipient_restrictions list?

I think it is fine as is.

-- 
Sahil Tandon <sa...@tandon.net>
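
The ordering point in the reply above, as an added example that is not part of the original message: a simplified Python model (not Postfix code) of first-match evaluation over a subset of the quoted smtpd_recipient_restrictions. The client attributes, the user name and the example.net host name are constructed sample values.

```python
# Simplified model (not Postfix source) of first-match evaluation of one
# smtpd_*_restrictions list. Only a subset of the thread's restrictions is
# modelled; the client attributes below are constructed sample data.

def _is_fqdn(name):
    return "." in name.strip(".")

CHECKS = {
    "permit": lambda c: "PERMIT",
    "permit_sasl_authenticated": lambda c: "PERMIT" if c["sasl_user"] else "DUNNO",
    "permit_mynetworks": lambda c: "PERMIT" if c["in_mynetworks"] else "DUNNO",
    "reject_non_fqdn_hostname": lambda c: "DUNNO" if _is_fqdn(c["helo"]) else "REJECT",
    "reject_unknown_client_hostname": lambda c: "DUNNO" if c["ptr_ok"] else "REJECT",
    "reject_unauth_destination": lambda c: "DUNNO" if c["rcpt_is_ours"] else "REJECT",
}

def evaluate(restrictions, client):
    """Return (verdict, deciding_restriction); the first PERMIT/REJECT wins."""
    for name in restrictions:
        verdict = CHECKS[name](client)
        if verdict != "DUNNO":
            return verdict, name
    # Falling off the end rejects nothing, so a trailing "permit" is redundant.
    return "DUNNO", None

# Subset of the list quoted in the thread, in the same relative order.
THREAD_LIST = [
    "permit_sasl_authenticated",
    "permit_mynetworks",
    "reject_non_fqdn_hostname",
    "reject_unknown_client_hostname",
    "reject_unauth_destination",
]
# The same list with the permit_* entries removed, as the question proposes.
STRIPPED = [r for r in THREAD_LIST if not r.startswith("permit_")]

# Constructed clients: an authenticated submission user on a laptop, and an
# unauthenticated outside host trying to relay to a domain we do not handle.
ROAMING_USER = {"sasl_user": "alice", "in_mynetworks": False,
                "helo": "laptop", "ptr_ok": False, "rcpt_is_ours": False}
OUTSIDE_RELAY = {"sasl_user": None, "in_mynetworks": False,
                 "helo": "mail.example.net", "ptr_ok": True, "rcpt_is_ours": False}

if __name__ == "__main__":
    for label, rules in (("as posted", THREAD_LIST), ("permit_* removed", STRIPPED)):
        for who, client in (("roaming user", ROAMING_USER), ("outside relay", OUTSIDE_RELAY)):
            print(f"{label:17} {who:14} -> {evaluate(rules, client)}")
```

With the permit_* entries removed, the authenticated user is rejected by the first reject_* check it fails, while the relay attempt is refused by reject_unauth_destination in both lists.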
