I'm going to keep it simple: one template for the submission (port 587)
service, and one for smtps (which still seems to be needed in some
places). Three mail submission-like templates becomes unwieldy.
- Both templates override the main.cf settings for smtpd_*_restrictions
to avoid surprises when changes are made to the "port 25" configuration.
- There are no extra syntax or domain existence checks. On the
contrary, I would suggest "-o smtpd_reject_unlisted_recipient=no"
because MUAs do not handle "user unknown" reject messages well. It
may be better to drop such notifications into the user's mailbox.
- These overrides are parametrized to encourage setting them in
main.cf instead of master.cf. Managing such parameters in main.cf
is a realistic possibility now that postconf actually has a clue
about master.cf settings.
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
The mua_*_restrictions pseudo-parameters may be set in main.cf.
If, for example, mua_client_restrictions were to be set in main.cf,
then it would control both mail submission services. Otherwise,
the mua_*_restrictions pseudo-parameters all have empty values.
Wietse
