/dev/rob0:
> On Fri, Jan 08, 2010 at 08:37:16AM -0500, Shaun T. Erickson wrote:
> > Yes, this is what is shown in the SASL Howto and how I have had
> > my server's submission port configured in the past.
> >
> > However, in the 2.6.2 postfix distribution I'm trying to configure
> > now, the default definition of the submission port uses the same
> > restrictions, but it applies them to the smtpd_CLIENT_restrictions
> > parameter, NOT the smtpd_RECIPIENT_restrictions parameter. I'm
> > trying to understand if that is just a typo in master.cf or if the
> > change is legit and, if so, why.
>
> Here's the example to which you refer:
> #submission inet n - n - - smtpd
> # -o smtpd_tls_security_level=encrypt
> # -o smtpd_sasl_auth_enable=yes
> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> If you have already configured your smtpd_recipient_restrictions in
> main.cf to allow SASL AUTH, this example does indeed work. It's
> probably not a typo, but I agree, it can be confusing. Why do this
> with smtpd_client_restrictions, and yet assume that you didn't have
> smtpd_sasl_auth_enable=yes in main.cf already?
The purpose of the submission service is to accept mail only from
authenticated clients. The above submission entry implements this
particular requirement without depending on main.cf settings. This
is done for robustness reasons.
Wietse
> One thing I have learned in my years on this list: Wietse usually has
> a reason, which might have been beyond my ability to understand. :)
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
