I have set Postfix only to allow relaying through submission on port
587, and as extra safety, I have installed the PolicyD* service to run
some rate limiting, and am trying to configure it with Postfix.
Since the PolicyD service only needs to check mail that gets relayed, I
am trying to call it from the submission block in master.cf like so:
    submission inet n - - - - smtpd
      ...
      -o ... ,check_policy_service inet:127.0.0.1:10031,reject
But it does not work. The log gives this:
"Mar 21 14:16:52 aptget postfix/smtpd[13513]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit"
Is it possible to set this policy service up, so it only gets called
when mail goes through submission on 587?
Any pointers will be greatly appreciated.
* http://www.policyd.org
Postfix version 2.9.3 from Debian backports
postconf -n
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
inet_interfaces = all
mailman_destination_recipient_limit = 1
maximal_queue_lifetime = 15
message_size_limit = 26214400
myhostname = aptget.aptget.dk
mynetworks = 127.0.0.0/8
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = truncate.gbudb.net*2 b.barracudacentral.org*1 zen.spamhaus.org*1 bl.spamcop.net*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10002
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10001
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/self-signed/smtpd.crt
smtpd_tls_key_file = /etc/ssl/self-signed/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
spamassassin_destination_recipient_limit = 1
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000