On 6/6/2017 3:21 PM, Andrea wrote: > Hi all. > > Due to the demise of the Sixxs project, which I was using to bypass the > ISP’s filtering of port 25 (in/out), I would like to open a "private" port > on postfix. > It’s a non-standard port and I will be filtering the src range at firewall > level so I’m pretty confident there will be no abuse. > I also want to avoid adding the subnet to mynetworks since I find it > easier to work on the firewall rather than the mail server. > > I was able to have postfix listen on the new port but I realized all > sender and client restrictions are still being enforced despite passing a > <permit> directive: > > XXXXX inet n - - - 250 smtpd > -o smtpd_client_restrictions=permit > > > Furthermore, the server advertises a whole bunch of stuff I don’t really > need (at least not on that port): > > 250-VRFY > 250-ETRN > 250-STARTTLS > 250-AUTH PLAIN LOGIN > 250-AUTH=PLAIN LOGIN > > > > What is the correct configuration to provide a bare smtpd process that > will accept all mail on that specific port
The alternate port inherits all the setting from main.cf, such as smtpd_recipient_restrictions and sasl options. A client must pass each of the smtpd_*_restrictions sections to successfully send mail. You'll need to either adjust the settings in main.cf or provide additional -o overrides. > and treat it as if it was > coming from a mynetworks host? Either adjust the main.cf mynetworks, or provide an alternate -o mynetworks=xxxx on the secondary listener. -- Noel Jones
