On Fri, Jan 08, 2010 at 08:37:16AM -0500, Shaun T. Erickson wrote:
> Yes, this is what is shown in the SASL Howto and how I have had
> my server's submission port configured in the past.
> 
> However, in the 2.6.2 postfix distribution I'm trying to configure 
> now, the default definition of the submission port uses the same 
> restrictions, but it applies them to the smtpd_CLIENT_restrictions 
> parameter, NOT the smtpd_RECIPIENT_restrictions parameter. I'm 
> trying to understand if that is just a typo in master.cf or if the 
> change is legit and, if so, why.

Here's the example to which you refer:
    #submission inet n       -       n       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

If you have already configured your smtpd_recipient_restrictions in
main.cf to allow SASL AUTH, this example does indeed work. It's
probably not a typo, but I agree, it can be confusing. Why do this
with smtpd_client_restrictions, and yet assume that you didn't have
smtpd_sasl_auth_enable=yes in main.cf already?

One thing I have learned in my years on this list: Wietse usually has
a reason, which might have been beyond my ability to understand. :)
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Reply via email to