Shaun T. Erickson a écrit :
> On Thu, Jan 7, 2010 at 5:14 PM, mouss <mo...@ml.netoyen.net> wrote:
>> ...
>> To allow relay, you need to configure smtpd_recipient_restrictions. By
>> default, this contains
>> permit_mynetworks
>> reject_unauth_destination
>> so if you don't change it, only "mynetworks" can relay. so you need to
>> add permit_sasl_authentiated before reject_unauth_destination.
>
> Yes, this is what is shown in the SASL Howto and how I have had my
> server's submission port configured in the past.
>
> However, in the 2.6.2 postfix distribution I'm trying to configure
> now, the default definition of the submission port uses the same
> restrictions, but it applies them to the smtpd_CLIENT_restrictions
> parameter, NOT the smtpd_RECIPIENT_restrictions parameter. I'm trying
> to understand if that is just a typo in master.cf or if the change is
> legit and, if so, why.
First of all, if you refer to:
permit_sasl_authenticated,reject
Then this is not the same as
permit_sasl_authenticated,reject_unauth_destination
The first means: only accept mail from authenticated users.
The second means: accept mail from anyone, but only relay mail from
authenticated users.
anyway, you can put your checks under smtpd_client_restrictions or
smtpd_recipient_restrictions. But for those like me who put more checks
under smtpd_recipient_restrictions (such as reject_non_fqdn_recipient,
...), I prefer that the default config sets smtpd_client_restrictions
and not smtpd_recipient_restrictions.
