On 12/08/2011 03:24 PM, Grant wrote:
So I should specify smtpd_client_restrictions or smtpd_recipient_restrictions, but not both?
I think most people find it easier to put all of the restrictions under smtpd_recipient_restrictions, since you can just read them top-to-bottom with smtpd_delay_reject = yes (the default).
But no, you probably wouldn't need it in both places unless you had some default restrictions you wanted to override in both places.
Squirrelmail and postfix are on the same machine. I've changed Squirrelmail to send to port 25 with no authentication and no TLS and it works! It must have been failing before because it was trying to authenticate? So this is working because Squirrelmail is part of $mynetworks (localhost) and there are no security implications or any need to enable authentication or TLS as long as Squirrelmail remains on the same machine as postfix? That's a nice way around the Squirrelmail STARTTLS problem.
It's a lot simpler with SquirrelMail on the same machine. Your localhost should be in $mynetworks, so it can send on port 25 thanks to permit_mynetworks.
There's no need to encrypt anything, since the traffic travels over the loopback interface.
