Le 13/04/2013 21:33, Russell Jones a écrit :
> Hi all,
>
> Upgrading mail server from Postfix 2.9 to 2.10. Could I get a quick
> sanity check to ensure my (fairly simple) setup is sane with the new
> smtpd_relay_restrictions? Thanks :-)
>
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
> reject_unauth_destination
> smtpd_recipient_restrictions = permit_mynetworks
> permit_sasl_authenticated check_client_access
> hash:/etc/postfix/rbl_override reject_rbl_client zen.spamhaus.org
>
>
> Also, just as a sanity check on my own understanding of this option
> being split into two now.... The relay_restrictions section is pretty
> self-explanatory, however in the docs it recommends also keeping
> permit_mynetworks and permit_sasl_authenticated in the
> recipient_restrictions section to exclude those clients from RBL
> lookups. This would only come into play when a user of the server is
> sending mail to another local user on the box, correct?
>
"this would" "come to play" for mail sent from mynetworks or by an
authenticated user.
if you have completely separate services for MX and submission, then you
can remove these two permit from your smtpd_restrictions and from your
smtpd_relay_restrictions. In the case where the same postfix instance
is used for MX and submission, make sure to specify the restrictions
that will be used for submission. something along the lines:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o syslog_name=${submission_syslog_name}
-o cleanup_service_name=cleanmsa
-o myhostname=${submission_myhostname}
-o smtpd_tls_security_level=${submission_tls_security_level}
-o smtpd_client_restrictions=${submission_client_restrictions}
-o smtpd_helo_restrictions=${submission_helo_restrictions}
-o smtpd_sender_restrictions=${submission_sender_restrictions}
-o smtpd_recipient_restrictions=${submission_recipient_restrictions}
-o smtpd_relay_restrictions=${submission_relay_restrictions}
-o content_filter=${submission_content_filter}
-o receive_override_options=no_address_mappings
cleanmsa unix n - n - 0 cleanup
-o syslog_name=${submission_syslog_name}
-o header_checks=${submission_header_checks}
-o mime_header_checks=${submission_mime_header_checks}
then each submission_mumble is defined in main.cf.
