Hi list.

A couple of months ago an email I sent from my phone was bounced by the recipient's SMTP server because the email had no Message-ID header. It turns out the email app that I've been using on my phone for years doesn't generate a Message-ID, but this was the first time that this had been a problem...

Anyway it turned out to be fairly simple to get Postfix to add the missing Message-ID header: I just needed the email to satisfy "local_header_rewrite_clients".

But this got me thinking about 'best practice' configuration of Postfix to meet RFC 6409, and I realised that (AFAICT) this isn't covered by the Postfix documentation. And so I assume that most people (like me) just uncomment the submission lines (in master.cf) provided by their distro's postfix package? But this Message-ID experience has shown me that the distro's master.cf submission, while good, is not 100% perfect?

And so I wonder whether it might be worthwhile to add a page to the Postfix documentation to describe how to correctly configure Postfix submission/submissions services?

FWIW in case anyone is interested in my solution to the Message-ID issue... My initial solution was to specify (in main.cf) "local_header_rewrite_clients = permit_inet_interfaces, permit_sasl_authenticated". And while this did the trick, it didn't feel right, because it relied on the indirection - i.e. submission requires SASL authentication which therefore makes it eligible for header rewrites. What I really wanted was to say that submission is eligible for header rewrites period. And so I ended up removing the option from main.cf and including "-o local_header_rewrite_clients=static:all" in master.cf instead:

   submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_auth_only=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_helo_restrictions=$mua_helo_restrictions
      -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
      -o local_header_rewrite_clients=static:all

FYI "-o smtpd_delay_reject=no" above is another manual addition of mine, not part of the distro's original master.cf.

Thanks,

Nick.
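
As an added example (not part of the original post and not Postfix's own tooling), this Python reads a master.cf laid out like the listing above, joining continuation lines and collecting `-o` overrides, and reports whether the submission service gets `local_header_rewrite_clients` from its own override or indirectly from main.cf via SASL. The function names and the sample file are constructed for illustration; the `-o { name = value }` form is not handled.

```python
# Constructed sample mirroring the submission entry quoted in the post.
SAMPLE_MASTER_CF = """\
smtp       inet  n       -       y       -       -       smtpd
submission inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
# a comment between continuation lines is ignored
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o local_header_rewrite_clients=static:all
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the entry they extend."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments never end an entry
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def service_overrides(text, name, stype="inet"):
    """Return {param: value} from a service's -o options, or None if no such service."""
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8 or fields[:2] != [name, stype]:
            continue
        args, found = fields[8:], {}  # fields[7] is the command, the rest are its arguments
        for i, arg in enumerate(args):
            # Accepts "-o name=value" and "-oname=value".
            if arg == "-o" and i + 1 < len(args):
                item = args[i + 1]
            else:
                item = arg[2:] if arg.startswith("-o") else ""
            if "=" in item:
                key, value = item.split("=", 1)
                found[key] = value
        return found
    return None

def header_repair_source(master_cf, main_cf_value="permit_inet_interfaces"):
    """Say where submission gets header-rewrite eligibility (default value assumed)."""
    ov = service_overrides(master_cf, "submission")
    if ov is None:
        return "no submission service"
    if "local_header_rewrite_clients" in ov:
        return "master.cf override: " + ov["local_header_rewrite_clients"]
    if "permit_sasl_authenticated" in main_cf_value and ov.get("smtpd_sasl_auth_enable") == "yes":
        return "main.cf, via SASL authentication"
    return "no matching setting found"
```

Pass the main.cf value of `local_header_rewrite_clients` as the second argument to compare the two approaches described in the post.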
