On 12/3/2012 2:30 AM, Tomas Macek wrote:
> OK, so I spent some time reading config params in doc and topics in
> various forums and decided to setup my submission port 587 like this:
>
> submission inet n - n - - smtpd
> -o smtpd_etrn_restrictions=reject
> -o smtpd_sasl_auth_enable=yes
> -o
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>
>
> I decided not to use the "smtpd_sasl_exceptions_networks = $mynetworks",
> because I experienced, that Opera M2 mail client sends the auth
> credentials even if none auth is offered by the mail server... don't
> know why, but maybe there is still some other mail client with this
> strange behaviour...
>
> Do you agree with this setup? Any further recomendations?
You might want to look into these as well:
-o content_filter=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o receive_override_options=no_unknown_recipient_checks,\
no_address_mappings,no_header_body_checks
These disable restrictions configured elsewhere in the system that
target public client MTAs. This is a submission service, so you
probably want to disable many of the existing restrictions, such as
DNSBL lookups, SpamAssassin, etc, which will cause rejections, or users'
outbound mail possibly being marked as spam. And obviously server
processing load increases due to more mail going through SA if you don't
disable SA for this service.
--
Stan
