2.10.0 smtpd_relay_restrictions

Tue, 12 Mar 2013 12:45:04 -0700 

Hi,

today I upgraded to the new 2.10.0 version. I have read the RELEASE_NOTES and 
looked inside postconf-manpage.

As I understood, the smtpd_relay_restrictions are evaluated before 
smtpd_recipient_restrictions. In the RELEASE_NOTES I can read that there are 3 
possibilities to deal with the new option. I decided for the copy-part. So my 
current settings look like this:

master.cf:

193.239.107.42:submission
          inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix:587
    -o milter_macro_daemon_name=ORIGINATING
    -o smtpd_banner=${smtpd_submission_banner}
    -o myhostname=mail.roessner-net.de
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_cert_file=/etc/ssl/certs/mail.roessner-net.de.pem
    -o smtpd_tls_key_file=/etc/ssl/private/mail.roessner-net.de.key.pem
    -o smtpd_tls_CAfile=/etc/ssl/certs/SSL123_CA_Bundle.pem
    -o smtpd_tls_security_level=encrypt
    -o always_add_missing_headers=yes
    -o smtpd_relay_restrictions=${authenticated_smtpd_relay_restrictions}
    -o 
smtpd_recipient_restrictions=${authenticated_smtpd_recipient_restrictions}
    -o smtpd_reject_footer=

And in main.cf I have the following:

authenticated_smtpd_relay_restrictions =
    check_sender_access pcre:${map}/sender_access.pcre,
    check_recipient_access ${mapidx}/reject_srvint_net,
    reject_non_fqdn_recipient,
    permit_sasl_authenticated,
    reject_unauthenticated_sender_login_mismatch,
    reject_unauth_destination

authenticated_smtpd_recipient_restrictions =
    check_sender_access pcre:${map}/sender_access.pcre,
    check_recipient_access ${mapidx}/reject_srvint_net,
    reject_non_fqdn_recipient,
    permit_sasl_authenticated,
    reject_unauthenticated_sender_login_mismatch,
    reject_unauth_destination

So far this works, but it has duplicate stuff. So my question is: what can be 
removed in each block? The check_* rules do the following: 1.) Disallow two 
test-users from sending and 2.) Do not allow the srvint.net domain as sender 
domain. If I do all the tests in the smtpd_relay_restrictions, what will be 
left for the smtpd_recipient_restrictions?

Thanks in advance

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Reply via email to