On 10/13/2015 1:01 AM, Christian Kivalo wrote: > Hi, > > On 2015-10-13 05:22, Richard B. Pyne wrote: >> I am running postfix 2.10.1, dovecot 2.2.10, with postfixadmin and >> maia mailguard. >> >> I am trying to figure out how to disable the HELO/EHLO >> reject_non_fqdn_hostname on the submission port since many (most) >> desktop and laptop clients don't send it. >> >> I want to keep the restriction on port 25 >> >> Thanks. >> >> --Richard > > [...] > >> master.cf >> >> smtp inet n - n - - smtpd >> # >> submission inet n - n - - smtpd >> -o syslog_name=postfix/submission >> -o smtpd_tls_security_level=encrypt >> -o smtpd_sasl_auth_enable=yes >> -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > add > -o > smtpd_helo_restrictions=permit_mynetworks,reject_invalid_hostname,permit > > to the submission port settings...
Almost, but not quite. This would allow bogus hostnames in mynetworks, but not from authenticated clients. For submission (and smtps) it's generally better to disable all restrictions other than authentication. add to the submission (and smtps) master.cf entries: -o smtpd_client_restrictons= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions= # next line for postfix 2.10 or newer -o smtpd_relay_restrictions=permit_sasl_authenticated,reject It's also now common practice to disable AUTH on port 25 and require your users to use submission. This helps to separate services and makes it easier to use different restrictions for the different purposes. > >> # >> smtps inet n - n - - smtpd >> -o syslog_name=postfix/smtps >> -o smtpd_tls_wrappermode=yes >> -o smtpd_sasl_auth_enable=yes >> -o >> smtpd_helo_restrictions=permit_mynetworks,reject_invalid_hostname,permit >> >> -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> -o milter_macro_daemon_name=ORIGINATING >> # > > ...as are set on port 465. That removes/overrides the setting from > main.cf. > > regards > christian
