On 4/13/2013 2:39 PM, Reindl Harald wrote:
I would ALWAYS include "reject_unauth_destination" BEFORE "check_client_access" here


Thanks Reindl!

It was before, however I read on the Postfix docs that reject_unauth_destination is no longer necessary in the recipient_restrictions section, hence why I removed it. Is it considered better practice to leave it in place?

http://www.postfix.org/SMTPD_ACCESS_README.html

# reject_unauth_destination <http://www.postfix.org/postconf.5.html#reject_unauth_destination> is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions <http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions>
# (available with Postfix 2.10 and later)


Really, neither of permit_mynetworks nor permit_sasl_authenticated belong in any global restrictions.
smtp auth [e.g. sasl] is for submission clients, which should be using submission/587, and these days,

This is contrary to what is in the docs as an example, however I have port 25 closed off in master.cf to prevent authentication anyway. 587 is the only port I permit authenticated relaying against.

smtpd -o smtpd_sasl_auth_enable=no
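
The ordering question discussed in this thread, as an added example that is not from the posters or from the Postfix project: a simplified Python model of first-match restriction evaluation at RCPT TO. The access table, client address, domains and function names are constructed assumptions, and relay_domains, permit_mynetworks and SASL are left out of the model.

```python
# Simplified model of how Postfix walks a restriction list at RCPT TO:
# the first restriction that returns PERMIT or REJECT ends that list.
LOCAL_DOMAINS = {"example.org"}          # constructed: domains this server accepts mail for
CLIENT_ACCESS = {"203.0.113.7": "OK"}    # constructed check_client_access table


def evaluate(restrictions, client_ip, rcpt):
    """Return 'PERMIT', 'REJECT' or 'DUNNO' for one restriction list."""
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
    for name in restrictions:
        if name == "reject_unauth_destination":
            # Model only the "not one of our domains" case (no relay_domains).
            if rcpt_domain not in LOCAL_DOMAINS:
                return "REJECT"
        elif name == "check_client_access":
            action = CLIENT_ACCESS.get(client_ip, "DUNNO")
            if action == "OK":
                return "PERMIT"      # skips every later restriction in this list
            if action == "REJECT":
                return "REJECT"
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "DUNNO"


def rcpt_decision(relay_list, recipient_list, client_ip, rcpt):
    """Postfix 2.10+: both lists are evaluated; a PERMIT ends only its own list."""
    for restrictions in (relay_list, recipient_list):
        if evaluate(restrictions, client_ip, rcpt) == "REJECT":
            return "REJECT"
    return "PERMIT"


if __name__ == "__main__":
    client, outside = "203.0.113.7", "someone@elsewhere.test"
    layouts = {
        "access map first": ([], ["check_client_access", "reject_unauth_destination"]),
        "reject first": ([], ["reject_unauth_destination", "check_client_access"]),
        "relay list (2.10+)": (["reject_unauth_destination"], ["check_client_access"]),
    }
    for label, (relay, recipient) in layouts.items():
        print(f"{label:20} -> {rcpt_decision(relay, recipient, client, outside)}")
```

Only the first layout lets the client listed as OK send to a domain the server is not responsible for; the other two reject that recipient while still accepting mail for example.org.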



