Hello,

When defining options for the submission port (587) daemon in master.cf, must we explicitly re-define all smtpd_* settings, or are some (*which?*) inherited from the standard main.cf settings? More specifically, should we define separately:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=check_recipient_access,hash:/etc/postfix/protected_destinations,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient
  -o smtpd_use_tls=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_tls_key_file=/etc/pki/tls/private/key.pem
  -o smtpd_tls_cert_file=/etc/pki/tls/certs/cert.pem
  -o smtpd_tls_CAfile=/etc/pki/tls/certs/chain.pem
  -o smtpd_tls_loglevel=1
  -o smtpd_tls_received_header=yes
  -o smtpd_tls_session_cache_timeout=3600s
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o broken_sasl_auth_clients=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=/var/spool/postfix/private/auth
  -o smtpd_delay_reject=yes

or is it enough to declare:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=check_recipient_access,hash:/etc/postfix/protected_destinations,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_unknown_recipient_domain,reject_unverified_recipient
  -o smtpd_use_tls=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_tls_received_header=yes
  -o smtpd_tls_session_cache_timeout=3600s
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_delay_reject=yes

assuming that the following settings are inherited from main.cf?
smtpd_tls_key_file = /etc/pki/tls/private/key.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/cert.pem
smtpd_tls_CAfile = /etc/pki/tls/certs/chain.pem
smtpd_tls_loglevel = 1
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth

I also assume that, for the smtpd_recipient_restrictions check_recipient_access tables here (i.e. in the submission port options), we can also use the smtpd_restriction_classes we have defined in main.cf?

Please correct me where I am wrong.

Any other options (except smtpd_*) which we should also redefine?

Thanks,
Nick
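
Added example (not part of Nick's message and not Postfix code): master(5) documents `-o name=value` as overriding the named main.cf parameter for that one service, so a parameter that is not overridden keeps its main.cf value. The sketch below resolves this for constructed sample files; the file contents and the `report` helper are assumptions, and it also flags an override written with whitespace around `=`, which master(5) says not to do.

```python
# Constructed sample files (assumptions), modelled on the settings in the post.
MAIN_CF = """\
smtpd_tls_cert_file = /etc/pki/tls/certs/cert.pem
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = no
"""
MASTER_CF = """\
smtp       inet n - n - - smtpd
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_tls_auth_only = yes
"""

def parse_main(text):  # 'name = value' lines only; no continuations or $name expansion
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and l[0] != "#")
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master(text):
    """Return {'name/type': (overrides, malformed)}; no Postfix 3.x '{ }' support."""
    services, logical = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line)
    for entry in logical:
        tok = entry.split()
        over, bad = {}, []
        # tok[8:] are the arguments after the eight fixed fields (name ... command)
        for flag, arg in zip(tok[8:], tok[9:]):
            key, eq, val = arg.partition("=")
            if flag == "-o" and eq and key and val:
                over[key] = val
            elif flag == "-o":
                bad.append(arg)  # e.g. whitespace around '=' split the override
        services[tok[0] + "/" + tok[1]] = (over, bad)
    return services

def report(main_text, master_text, service):
    main = parse_main(main_text)
    over, bad = parse_master(master_text)[service]
    return {"effective": {**main, **over}, "malformed": bad,
            "inherited": sorted(set(main) - set(over)),
            "redundant": sorted(k for k in over if main.get(k) == over[k])}

print(report(MAIN_CF, MASTER_CF, "submission/inet"))
```

On a live system, `postconf -n` lists the non-default main.cf settings and `postconf -P` (Postfix 2.11 and later) lists the per-service `-o` overrides, which is the real input for this comparison.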
