On Mon, Mar 22, 2021 at 12:32:18PM +1000, Simon Wilson wrote:

> I have temporarily set it at 0 after reading  
> http://www.postfix.org/COMPATIBILITY_README.html to ensure that I pick  
> up in logging if/when backwards-compatibility is triggered by the  
> legacy settings as follows (from  
> http://www.postfix.org/COMPATIBILITY_README.html):
> 
>   Logged with compatibility_level < 1:
> 
>     **Using backwards-compatible default setting append_dot_mydomain=yes**
>     Using backwards-compatible default setting chroot=y

This will only be logged if you have not explicitly set a value
for "append_dot_mydomain".

>   Logged with compatibility_level < 2:
> 
>     Using backwards-compatible default setting "smtpd_relay_restrictions = 
> (empty)"
>     Using backwards-compatible default setting mynetworks_style=subnet
>     **Using backwards-compatible default setting 
> relay_domains=$mydestination**
>     Using backwards-compatible default setting smtputf8_enable=no

Ditto.  My advice is generally to set "relay_domains" empty, or at least
to not include "relay_domains" in "parent_domain_matches_subdomains".

And of course set mynetworks explicitly, which makes "mynetworks_style"
irrelevant, but best to set that to "host".

For the smtpd_relay_restrictions, set:

    # Typically, there's no SASL on port 25, and for submission,
    # you should have an explicit override in master.cf
    #
    smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination

but given that prior to 3.6 the order of relay vs. recipient
restrictions is not as expected, also do the same at the top
of smtpd_recipient_restrictions for now.

    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination
        ... RBLs, ... for inbound mail ...

> With the items I need to watch for (emphasis added ** **) that means I  
> need it to be less than 1. Once I am confident of the outcome I'll set  
> to 2.

When you upgrade to Postfix 3.6, and set the compatibility level to 3.6,
you can simplify the recipient restrictions to just the anti-abuse rules
(provided the relay restrictions are all set).

-- 
    Viktor.
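
An added example, not part of the original message: a shell check that reports which of the parameters discussed above are not set explicitly, and whether both restriction lists contain reject_unauth_destination. It assumes input in `postconf -n` form (one `name = value` line per explicitly set parameter); the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Audit `postconf -n`-style text for the settings discussed in this thread.
# Function names and both sample configs below are constructed examples.

# main.cf parameters named in the quoted log lines (chroot is a master.cf
# field, so it is not checked here), plus mynetworks.
WATCHED="append_dot_mydomain smtpd_relay_restrictions mynetworks_style
relay_domains smtputf8_enable mynetworks"

SAMPLE_LEGACY='myhostname = mail.example.com
mydestination = $myhostname, localhost
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination'

SAMPLE_EXPLICIT='append_dot_mydomain = no
mynetworks = 127.0.0.0/8 [::1]/128
mynetworks_style = host
relay_domains =
smtputf8_enable = yes
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination'

# Print the value of parameter $1 found in config text $2; fail if not set.
# An explicitly empty value ("relay_domains =") counts as set.
param_value() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == p && $2 == "=" { sub(/^[^=]*=[ \t]*/, ""); print; found = 1 }
        END { exit !found }'
}

# List the watched parameters that config text $1 leaves at their defaults.
unset_params() {
    for p in $WATCHED; do
        param_value "$p" "$1" >/dev/null || printf '%s\n' "$p"
    done
}

# Succeed if restriction list $1 in config $2 has reject_unauth_destination.
has_relay_guard() {
    param_value "$1" "$2" | tr ', \t' '\n\n\n' | grep -qx 'reject_unauth_destination'
}

# Report findings for config text $1; return non-zero if there are any.
audit() {
    rc=0
    for p in $(unset_params "$1"); do echo "not set explicitly: $p"; rc=1; done
    for p in smtpd_relay_restrictions smtpd_recipient_restrictions; do
        has_relay_guard "$p" "$1" || { echo "$p lacks reject_unauth_destination"; rc=1; }
    done
    return $rc
}

audit "$SAMPLE_LEGACY" || true   # on a real host: audit "$(postconf -n)"
```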
