On 5/8/2013 2:49 PM, Quanah Gibson-Mount wrote:
> I recently tweaked my settings for my postfix configuration so that
> I have the following defined for the 465 & submission port smtpds:
> 
>    -o smtpd_recipient_restrictions=
>    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>    -o smtpd_end_of_data_restrictions=
> 
> However, this broke cbpolicyd checking on those ports.  I believe
> the correct solution is to just set:
> 
>    -o smtpd_recipient_restrictions=
>    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> 
> and allow the postconf setting for smtpd_end_of_data_restrictions to
> apply:
> 
> $ postconf smtpd_end_of_data_restrictions
> smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
> 
> I.e., I believe I should leave smtpd_recipient_restrictions and
> smtpd_relay_restrictions unchanged for 465/submission.  Does that
> seem correct?
> 

Probably the best solution is to explicitly set all the
smtpd_*_restrictions options for submission/smtps in master.cf, so
that changes in main.cf don't cause surprises with user submissions.


# main.cf
submission_end_of_data = check_policy_service inet:localhost:10031

# master.cf
submission ... smtpd
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_end_of_data_restrictions=$submission_end_of_data
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
  -o milter_macro_daemon_name=ORIGINATING

smtps ... smtpd
  (copy of the above settings)
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes



  -- Noel Jones
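
One way to check the advice in the reply above, added here as an example and not part of the original message: the script parses master.cf text and lists, for submission and smtps, which smtpd_*_restrictions lists have no -o override and therefore still follow main.cf. The sample master.cf fragment is constructed, the function names are hypothetical, and only the plain "-o name=value" form is parsed.

```python
import re

# The seven restriction lists the reply sets explicitly for submission/smtps.
RESTRICTIONS = ["smtpd_%s_restrictions" % s for s in
                ("client", "helo", "sender", "relay", "recipient", "data", "end_of_data")]

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def overrides(entry):
    """Return {parameter: value} for every '-o name=value' in one service entry."""
    return dict(re.findall(r"-o\s+([A-Za-z0-9_]+)=(\S*)", entry))

def inherited_restrictions(master_cf, services=("submission", "smtps")):
    """Map service name -> restriction lists with no -o override (taken from main.cf)."""
    report = {}
    for entry in logical_lines(master_cf):
        fields = entry.split()
        # master.cf fields: service type private unpriv chroot wakeup maxproc command
        if len(fields) >= 8 and fields[0] in services and fields[7] == "smtpd":
            set_here = overrides(entry)
            report[fields[0]] = [p for p in RESTRICTIONS if p not in set_here]
    return report

# Constructed sample: submission pins every list, smtps overrides only two.
SAMPLE = """\
submission inet n - n - - smtpd
  -o smtpd_client_restrictions= -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_end_of_data_restrictions=$submission_end_of_data
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""

if __name__ == "__main__":
    for service, missing in inherited_restrictions(SAMPLE).items():
        print(service, "inherits from main.cf:", ", ".join(missing) or "nothing")
```

An empty list for a service means a later main.cf change cannot alter its restriction lists; any name reported is one that main.cf still controls on that port.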
