On 7/7/2017 12:37 AM, Doug Hardie wrote:
>
>> On 6 July 2017, at 12:40, Doug Hardie <d...@mail.sermon-archive.info> wrote:
>>
>>>
>>> On 6 July 2017, at 12:06, Noel Jones <njo...@megan.vbhcs.org> wrote:
>>>
>>> main.cf doesn't allow spaces in the options. The supported syntax
>>> is to either use commas "," rather than spaces; enclose the option
>>> in braces "{ ... }"; or the preferred method of defining a macro in
>>> main.cf and reference it in master.cf. See the master.cf man page.
>>>
>>> # main.cf
>>> my_smtpd_restrictions =
>>> check_policy_service inet:127.0.0.1:10040
>>> reject_invalid_hostname,
>>> reject_non_fqdn_sender,
>>> reject_non_fqdn_recipient,
>>> reject_unknown_sender_domain,
>>> reject_unknown_recipient_domain,
>>> reject_unauth_pipelining,
>>> permit_mynetworks,
>>> reject_unauth_destination,
>>> reject_rbl_client bl.spamcop.net
>>> permit
>>>
>>> # master.cf
>>> smtpd pass - - n - - smtpd
>>> -o smtpd_recipient_restrictions=$my_smtpd_restrictions
>>
>>
>> Thanks. That makes sense now.
>
> Well, I thought I understood it, but now am not so sure so here is what I
> have ready to try. I still am a bit confused in the macro in main.cf some of
> the lines have a comma at the end and others do not. When is the comma
> needed?
main.cf treats comma, space, tab, and newline, all as whitespace,
and they can be used interchangeably. Insert commas as desired for
readability. See the main.cf manpage.
>
> main.cf
> # Incoming restrictions and Implement postfwd
> incoming_smtpd_restrictions =
> check_policy_service inet:127.0.0.1:10040
> reject_invalid_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_pipelining,
> permit_mynetworks,
> check_recipient_access hash:/usr/local/etc/postfix/tempfail
> reject_unauth_destination,
> reject_rbl_client bl.spamcop.net
> permit
>
> Virtual_alias_maps file:
> bc97...@lafn.org doug
> ...
>
> tempfail file:
> bc97...@lafn.org 450 4.2.1 This mailbox is unavailable today
>
>
> master.cf:
> smtpd pass - - n - - smtpd
> submission inet n - n - - smtpd
> -o smtpd_recipient_restrictions=permit_mynetworks
>
Your submission options must have a reject at the end. Most folks
use permit_sasl_authenticated instead of permit_mynetworks on
submission, but use whatever is correct for your server.
-o smtpd_recipient_restrictions=permit_mynetworks,reject
Note master.cf syntax difference; no spaces around the comma.
-- Noel Jones
