On Mon, Jan 31, 2011 at 03:32:20PM -0500, Daniel Bromberg wrote:
> smtp.example.com:smtp inet n - n - -
> smtpd
> -o content_filter=filter:dummy
>
> smtp.example.com:smtps inet n - n - -
> smtpd
> -o smtpd_tls_wrappermode=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> I think what you're also suggesting, then, is to put this stanza:
> "smtpd_sender_login_maps = mysql:/etc/postfix/mysql_sender_login_maps.cf"
> as a -o to the 'smtps' clause, instead of in the system-wide main.cf
> stmpd_recipient_restrictions clause?
No, the table can be defined globally, but should typically be
"proxied" to avoid excessive database connections. Rather,
the constrant "reject_sender_login_mismatch" (or similar) should
be used in a service-specific master.cf override.
Avoid complex settings in master.cf, instead of:
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
use
-o smtpd_client_restrictions=$submission_client_restrctions
and set "submission_client_restrictions" in main.cf.
--
Viktor.
