Re: submission users still rejected by zen

Tue, 06 Mar 2012 15:07:33 -0800 

On Tue, Mar 06, 2012 at 04:44:26PM -0600, Stan Hoeppner wrote:
> On 3/6/2012 2:25 PM, /dev/rob0 wrote:
> > On Tue, Mar 06, 2012 at 01:30:59PM -0600, Stan Hoeppner wrote:
> >> On 3/6/2012 11:03 AM, Alex wrote:
> >>
> >>> --master.cf--
> >>> submission inet n       -       n       -       -       smtpd
> >>>   -o smtpd_tls_security_level=encrypt
> >>>   -o smtpd_sasl_auth_enable=yes
> >>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >>
> >>     -o smtpd_recipient_restrictions=
> > 
> > This will not work; smtpd_recipient_restrictions is required. See 
> > my earlier post for a workable solution.
> 
> Yeah, I forgot you have to specify at least one.  Should have 
> checked my own config.  I was responding to your earlier post--I 
> wouldn't think it should require anything that complex in main.cf 
> just to set recipient restrictions for the submission daemon.

No, not required, but it's more convenient IMO to put complexity in 
main.cf rather than master.cf. Some sites might want restrictions 
before accepting submission mail, such as for unknown domains, 
unlisted senders or sender mismatch.

>  I don't recall seeing such a
> setup mentioned here before anyway.

Oh yes, IIRC I originally saw the idea from Victor. It's even better 
now with 2.9's postconf(1) improvements; "postconf custom_setting" 
shows any such custom setting as defined.

>  FWIW I don't use auth for
> submission, but do have a submission service for internal users
> (external access is via webmail).
> 
> 10125     inet  n       -       -       -       -       smtpd
>         -o smtpd_client_restrictions=
>         -o smtpd_helo_restrictions=
>         -o smtpd_sender_restrictions=

You might also want to put in that -o syslog_name :)

>         -o smtpd_recipient_restrictions=permit_mynetworks,reject
>         -o receive_override_options=no_unknown_recipient_checks,\
>            no_address_mappings,no_header_body_checks

This is a perfect example of why you'd want to list that in main.cf:

submission_overrides = no_unknown_recipient_checks,
        no_address_mappings, no_header_body_checks

and then:
    -o receive_override_options=$submission_overrides

Keeps it all nice and neat on one readable line in master.cf.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Reply via email to