On Thu, Jan 25, 2024 at 09:13:22PM +0100, Paul van der Vlis via Postfix-users wrote:

> On 25-01-2024 at 20:40, Viktor Dukhovni via Postfix-users wrote:
> > On Thu, Jan 25, 2024 at 08:31:44PM +0100, Paul van der Vlis via Postfix-users wrote:
> > > Hello,
> > > 
> > > I have used Postfix for over 20 years, but some things I don't understand...
> > > 
> > > I want different rules for mail that comes through submission(s) and mail that
> > > comes from other mailservers using port 25. What is the correct way to do
> > > that?
> > 
> > From the stock master.cf file (see also the master(5) manpage and/or
> > <https://www.postfix.org/master.5.html>):
> > 
> >      # Choose one: enable submission for loopback clients only, or for any client.
> >      #127.0.0.1:submission inet n -   n       -       -       smtpd
> >      #submission inet n       -       n       -       -       smtpd
> 
> Normally I've removed the # before submission.

Naturally, the stock file contains *commented-out templates* that you
uncomment, and tune to your needs.  Each "-o foo=bar", or, lately "-o {
foo = bar }", option *overrides* the corresponding main.cf or default
settings.

> >      #     here, and specify mua_<xxx>_restrictions in main.cf (where
> >      #     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
> >      #  -o smtpd_client_restrictions=
> >      #  -o smtpd_helo_restrictions=
> >      #  -o smtpd_sender_restrictions=
> >      #  -o smtpd_relay_restrictions=
> >      #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> >      #  -o milter_macro_daemon_name=ORIGINATING
> 
> I understand what you mean. But what is after this?

Any other parameters that smtpd(8) supports, which for the particular
service (submission, etc.) you want to have a setting that is different
than what's in main.cf or the default.

> Are then the lines in main.cf used, like smtpd_relay_restrictions or
> smtpd_milters?

Anything you don't override gets the main.cf or built-in default value.

> And where is the point that the mail is accepted?

These are not smtpd access restrictions, these are parameter overrides,
so there is no "point that the mail is accepted".

> > I have, for example:
> > 
> >      submission inet  n       -       n       -       -       smtpd
> >          -o smtpd_milters=
> >          -o smtpd_sasl_auth_enable=yes
> >          ...
> 
> This is interesting for me, I would expect such lines here. But in the
> examples they are not there.  And maybe end with "-o permit" ?

No, because these are parameter overrides, not restriction lists.  You
clearly haven't yet read the master(5) manpage.  Please do so next.

> > Welcome to master.cf overrides, congratulations on managing to get by
> > without them for 20 years.
> 
> ;-)
> 
> And what about lines for port 25. Better to put them in master.cf?

No, put as little in master.cf as possible/necessary, only to the extent
that different services need different values of the same parameter.

> What's left for main.cf then?  Only the mail from localhost?

Again, these are not access controls.  The main.cf file lists the
non-default site-specific values of most parameters that don't need
per-service overrides, and even for these one of the services can
use the main.cf (or default) values with overrides only for the
special cases.

> Or is "smtpd_relay_restrictions =" not used for incoming mail from
> submission(s)?

It is, which is why you might want to override it in master.cf. I have:

    $ postconf -Mf submission/inet
    submission inet  n       -       n       -       -       smtpd
        -o syslog_name=postfix/submission
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_tls_security_level=encrypt
        -o smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o smtpd_recipient_restrictions=
        -o smtpd_data_restrictions=
        -o smtpd_end_of_data_restrictions=
        -o smtpd_tls_ask_ccert=yes
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_milters=$mua_milters
        -o always_add_missing_headers=yes
        -o header_checks=$submit_header_checks
        -o body_checks=

The "mua_milters" custom parameter is defined in main.cf, and specifies
just the DKIM signing milter, without any of the milters intended for
inbound mail.

-- 
    Viktor.
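
The override behaviour described in the message above, as an added example that is not part of the original post or of Postfix itself: it overlays a service's "-o" options (both the "name=value" and "{ name = value }" forms) on main.cf values to show what each smtpd service ends up with. The function names, the sample main.cf values and the simplified "$name" expansion are assumptions made for illustration.

```python
import re

# Constructed sample values, not taken from any real host.
MAIN_CF = {
    "smtpd_milters": "inet:127.0.0.1:8891, inet:127.0.0.1:11332",
    "mua_milters": "inet:127.0.0.1:8891",
    "smtpd_sasl_auth_enable": "no",
    "smtpd_relay_restrictions": "permit_mynetworks, reject_unauth_destination",
}
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
    -o smtpd_sasl_auth_enable=yes
    # comment lines inside an entry are skipped
    -o { smtpd_relay_restrictions = permit_sasl_authenticated, reject }
    -o smtpd_milters=$mua_milters
"""
OPT = re.compile(r"(?<!\S)-o\s+(?:\{\s*(.*?)\s*\}|(\S+))")

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def overrides(entry):
    """Return {parameter: value} for the -o options of one logical line."""
    found = {}
    for braced, plain in OPT.findall(entry):
        name, _, value = (braced or plain).partition("=")
        found[name.strip()] = value.strip()
    return found

def effective(service, kind="inet"):
    """main.cf values with the service's -o overrides applied on top."""
    for entry in logical_lines(MASTER_CF):
        if entry.split()[:2] == [service, kind]:
            merged = {**MAIN_CF, **overrides(entry)}
            expand = lambda m: MAIN_CF.get(m.group(1), m.group(0))
            return {k: re.sub(r"\$\{?(\w+)\}?", expand, v) for k, v in merged.items()}
    raise KeyError(f"{service}/{kind} not in master.cf")
```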