Hello,
I'm pretty new to Postfix, and I have a couple of questions that
I've been wondering about. I'd be really thankful if anyone could
offer some clarification.
Here's how I've understood it. Please correct me if I'm wrong.
`submission' handles e-mail connecting via port 587. That means
it handles the e-mail I send from my local mail user agent.
My master.cf also defines the `smtp' service, which seems to run
the same command as `submission' (namely, smtpd). Am I right in
believing this is the service handling incoming e-mail from other
servers?
If I'm correct about that, my question is what restrictions I
should place on e-mail from other servers and e-mail from my own
MUA, respectively. Currently, this is in my main.cf:
--8<---------------cut here---------------start------------->8---
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
check_sender_access
hash:/etc/postfix/db/sender-access,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
check_policy_service inet:127.0.0.1:10023,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
permit
# (:10023 is postgrey)
--8<---------------cut here---------------end--------------->8---
But in my master.cf, those values are overridden for the
`submission' service:
--8<---------------cut here---------------start------------->8---
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
--8<---------------cut here---------------end--------------->8---
For the `smtp' service I use the restrictions as defined in my
main.cf, and they work fine, but I wonder what restrictions are
appropriate for `submission'. Currently, all variables beginning
with $mua... are set to empty values.
To clarify my questions:
- Am I correct in my assumptions about `smtp' and `submission'?
- What restrictions should I use for `submission'?
- Do the restrictions set in main.cf look good? (Through testing,
I have noticed that I cannot use the same restrictions for
`submission', though.)
Thank you for your help!
- John
