Julio Cesar Covolato wrote:
Hi!
I'm proud to inform you that Brasil is adopting the submission protocol
!! Its very good to ereryone!
The "Bigs" operators here are conivent, and they will do block on
residencial (xdsl, 3g,dial-up, etc..) conecctions on port 25.
I'm a litle provider here, and I configured my "master.cf" like this:
submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_local_domain=
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o broken_sasl_auth_clients=yes
-o header_checks=
-o body_checks=
-o
smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
-o content_filter=
Any sugestions, is that ok?
[]'s
You should check for sasl authentication in
smtpd_recipient_restrictions rather than
smtpd_client_restrictions. smtpd_recipient_restrictions
should end with "reject" rather than the usual
reject_unauth_destination.
Here's what I use, with some comments.
submission inet n - n - - smtpd
# check everyone for viruses
-o content_filter=amavis-smtp:[127.0.0.1]:10026
# TLS required to protect plain passwords
-o smtpd_enforce_tls=yes
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_auth_enable=yes
# override all existing main.cf smtpd_*_restrictions
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_data_restrictions=
-o smtpd_etrn_restrictions=reject
# accept only sasl_authenticated, reject all else
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o mynetworks=127.0.0.0/8
# show "postfix-submission" in the log
-o syslog_name=postfix-submission
# for DKIM signing
-o milter_macro_daemon_name=ORIGINATING
-- Noel Jones
