On 6/4/2013 10:34 AM, Marko Weber | ZBF wrote:
> 
> 
> On 2013-06-04 15:00, Benny Pedersen wrote:
>> Grant wrote on 2013-06-04 01:45:
>>
>>> The big config change I see referenced with regard to 2.10 is
>>> smtpd_relay_restrictions but I don't see how that could be related.
>>> My smtpd_relay_restrictions is blank.
>>
>> suggest to make it not in main.cf, but use this restriction only on
>> master.cf to disable it for submission and pickup service ports so
>> it's just add -o smtpd_relay_restrictions= on these lines in master.cf
>>
>> it worked for me :)
> 
> Am I allowed to ask why disabling smtpd_relay_restrictions only on
> submission?
> &
> is this really the way to use it? (in master.cf?)

This is not good general advice.  A properly-configured
smtpd_relay_restrictions should not interfere with submission, and
is not used by pickup (since it's not SMTP).

The intention of smtpd_relay_restrictions is to be a last-ditch
anti-relay rule to prevent accidents from a misconfigured
smtpd_recipient_restrictions. As such, it should be as bare-bones as
possible, containing ONLY rules related to relaying and not
encumbered with anti-spam or other access rules.

I expect 99%+ of postfix sites can safely set it to

# main.cf
smtpd_relay_restrictions =
  permit_mynetworks,
# uncomment next line if using SASL
# permit_sasl_authenticated,
  reject_unauth_destination

and leave it at that, with no changes to existing rules.  The same
smtpd_relay_restrictions setting should work for
smtp/submission/smtps, so no overrides should be needed in master.cf.

The only place this won't work correctly is sites doing something
"odd" in smtpd_recipient_restrictions to allow relay from
unauthenticated clients who are not in $mynetworks.

I've also seen some people suggest that reject_unauth_destination
should be removed from smtpd_recipient_restrictions.  I disagree
with that advice too.  While technically correct that
reject_unauth_destination is no longer required, there is no general
benefit in removing it except possibly those very few sites with
complex relay rules.




  -- Noel Jones
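
Added example, not part of the original message and not Postfix's own code: a small audit of main.cf and master.cf text for the two situations discussed in this thread, a blank smtpd_relay_restrictions and a master.cf "-o smtpd_relay_restrictions=" override. The function names, the finding strings and the sample input are assumptions made for illustration.

```python
import re

# Bare-bones rule set recommended in the message above.
PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}
REJECTS = {"reject_unauth_destination", "defer_unauth_destination"}  # defer_ = soft-fail form

def logical_lines(text):
    """Join Postfix continuation lines; drop blank and comment lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def relay_rules(main_cf):
    """Return the smtpd_relay_restrictions list, or None if it is never set."""
    rules = None
    for line in logical_lines(main_cf):
        name, sep, value = line.partition("=")
        if sep and name.strip() == "smtpd_relay_restrictions":
            rules = [r for r in re.split(r"[,\s]+", value) if r]  # last one wins
    return rules

def audit(main_cf, master_cf=""):
    """Return a list of findings (hypothetical heuristic, not a Postfix tool)."""
    findings = []
    rules = relay_rules(main_cf)
    if rules is None:
        findings.append("main.cf: smtpd_relay_restrictions not set here, check postconf")
    else:
        if not REJECTS & set(rules):
            findings.append("main.cf: no reject_unauth_destination in smtpd_relay_restrictions")
        findings += [f"main.cf: non-relay rule {r}" for r in rules
                     if r not in PERMITS | REJECTS]
    for line in logical_lines(master_cf):
        if re.search(r"-o\s+smtpd_relay_restrictions=(\s|$)", line):
            findings.append(f"master.cf: {line.split()[0]} blanks smtpd_relay_restrictions")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_MAIN = "smtpd_relay_restrictions =\n"
SAMPLE_MASTER = ("submission inet  n  -  n  -  -  smtpd\n"
                 "  -o smtpd_relay_restrictions=\n")

print("\n".join(audit(SAMPLE_MAIN, SAMPLE_MASTER)))
```

Run against the setting recommended in the message above, audit() returns no findings.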
