On Wed, Aug 28, 2013 at 12:06:17PM -0700, Quanah Gibson-Mount wrote:
> We have a client allowing auth'd submissions over port 25.
> Unfortunately, the authenticated submissions are hitting their RBL
> settings. The postfix release is 2.10.0, with the following
> parameters:
>
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
> permit_mynetworks, reject_unlisted_recipient,
> reject_unknown_sender_domain, reject_rbl_client dnsbl.njabl.org
> reject_rbl_client cbl.abuseat.org reject_rbl_client bl.spamcop.net
> reject_rbl_client sbl.spamhaus.org reject_rbl_client
> relays.mail-abuse.org, permit
>
> smtpd_relay_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
For 2.10 and later in the submission master.cf entry, configure
*only* smtpd_relay_restrictions, and set smtpd_recipient_restrictions
empty. Submission clients are typically subject to only relay
controls.
master.cf:
submission inet n ... smtpd
-o smtpd_client_restictions=$submission_client_restrictions
-o smtpd_helo_restictions=$submission_helo_restrictions
-o smtpd_sender_restictions=$submission_sender_restrictions
-o smtpd_recipient_restictions=$submission_recipient_restrictions
-o smtpd_relay_restictions=$submission_relay_restrictions
-o smtpd_data_restrictions=$submission_data_restrictions
-o smtpd_end_of_data_restrictions=$submission_end_of_data_restrictions
-o smtpd_tls_security_level=encrypt
-o ...
main.cf:
submission_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject
# other submission_mumble_restrictions implicitly empty by default
--
Viktor.
