Hi,

I have a number of books on Postfix that I'm referencing at the moment, but many of them are old and don't include some of the best practices.

These days it is common to restrict port 25 to mail relay and port 587 to submission. Because submission is only used by authenticated clients, I think many Postfix restrictions could be relaxed for MUAs, but I'm not sure of the best practices. For example, with the reject_unverified_recipient restriction, my MUA is blocked from submitting an email and pops up an error message about an invalid recipient. However, removing this restriction generates a bounce email, which seems to be more user friendly than a transient error message. I'm pondering removing other restrictions as well, which prevent bounce emails.

Anyway, below is my current test config. Could anyone make suggestions or recommendations on the various mua_*_restrictions which are in line with current modern practices?

Thanks.

PS. I disable TLS only for testing and it will be enabled in production.

master.cf:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/dovecot-auth
  -o broken_sasl_auth_clients=yes
  -o syslog_name=postfix/submission
  -o milter_macro_daemon_name=ORIGINATING
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_tls_auth_only=yes
  -o local_header_rewrite_clients=static:all
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_relay_restrictions=$mua_relay_restrictions
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
  -o smtpd_data_restrictions=$mua_data_restrictions
  -o smtpd_end_of_data_restrictions=$mua_end_of_data_restrictions

main.cf:

mua_client_restrictions =
    check_client_access hash:/etc/postfix/mua_client_access
mua_helo_restrictions =
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    check_helo_access hash:/etc/postfix/mua_helo_access
mua_sender_restrictions =
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    check_sender_access hash:/etc/postfix/mua_sender_access
mua_relay_restrictions =
    permit_sasl_authenticated
    reject
mua_recipient_restrictions =
    reject_unverified_recipient
    permit_sasl_authenticated
    reject
mua_data_restrictions =
mua_end_of_data_restrictions =
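Added example, not part of the original post and not Postfix code: a small Python check that resolves the submission service's `-o` overrides against main.cf and lists, per restriction stage, the tests that still run for a SASL-authenticated client because they come before permit_sasl_authenticated (or the list has none). The function names and the condensed sample config are constructed for illustration.

```python
import re
# Constructed sample: a condensed form of the submission config in the post.
MASTER_CF = """\
submission inet n - n - - smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_relay_restrictions=$mua_relay_restrictions
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
"""
MAIN_CF = """\
mua_helo_restrictions = reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    check_helo_access hash:/etc/postfix/mua_helo_access
mua_relay_restrictions = permit_sasl_authenticated reject
mua_recipient_restrictions = reject_unverified_recipient
    permit_sasl_authenticated reject
"""

def logical_lines(text):
    """Join whitespace-led continuation lines; skip comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_params(text):  # main.cf "name = value" settings as a dict
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in logical_lines(text))}

def overrides(master, service, params):
    """Return the service's -o settings with $name expanded from main.cf."""
    entry = next(l for l in logical_lines(master) if l.split()[0] == service)
    expand = lambda v: re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), ""), v)
    return {k: expand(v) for k, v in re.findall(r"-o\s+(\S+?)=(\S*)", entry)}

def applied_to_authenticated(value):
    """Tests reached before permit_sasl_authenticated ends the list.
    Assumes no access-table lookup returns OK earlier (data dependent)."""
    names = [t for t in value.split() if re.match(r"reject|check_|permit", t)]
    stop = "permit_sasl_authenticated"
    return names[:names.index(stop)] if stop in names else names

def report(master=MASTER_CF, main=MAIN_CF, service="submission"):
    ov = overrides(master, service, main_params(main))
    return {k: applied_to_authenticated(v) for k, v in ov.items() if k.endswith("_restrictions")}
```

Run against the sample, `report()` shows reject_unverified_recipient as the only recipient-stage test an authenticated client reaches, and the commented-out TLS override is absent from the resolved settings.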
