Tue, 08 Jan 2013 15:54:41 -0600, Noel Jones <njo...@megan.vbhcs.org> wrote:
...
> > This raises the question (or at least I think it does), if it's
> > possible to "force" the users onto 587 by denying relay access to
> > 25?
> >
>
> It's certainly possible to prevent relaying via port 25, and many
> sites do so.
>
> The choice is a local policy decision; do what fits your needs best.
>
> Typically this is done by giving submission and port 25 different
> settings via master.cf -o ... overrides.
>
> A quick incomplete example:
>
> # main.cf
> mynetworks = 127.0.0.1
> submission_mynetworks = 127.0.0.1, 192.168.0.0/16
> smtpd_recipient_restrictions =
>   permit_mynetworks
>   reject_unauth_destination
>   ... anti-spam controls ...
> submission_smtpd_recipient_restrictions =
>   permit_mynetworks
>   permit_sasl_authenticated
>   reject
>
> # master.cf
> submission inet n - n - - smtpd
>   -o syslog_name=postfix/submission
>   -o mynetworks=$submission_mynetworks
>   -o smtpd_recipient_restrictions=$submission_smtpd_recipient_restrictions
>   ... more -o overrides ...
>
>
> Common variations are to require sasl AUTH on the submission port by
> removing permit_mynetworks, and to require TLS with AUTH by using
> "-o smtpd_tls_auth_only=yes".
>
>
> -- Noel Jones

Thank you for the additional information, it's very helpful in the understanding of Postfix. I've had some trouble seeing the difference between -o overrides in main.cf and master.cf, but this really helps.
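
An added example, not part of the original thread and not Postfix code: a small Python model of how the quoted settings give port 25 and the submission service different relay decisions. It covers only the restrictions named in the example; `LOCAL_DOMAINS`, the service name `smtp` for port 25, and the sample addresses are constructed assumptions.

```python
import ipaddress

# Assumption: stands in for the domains this server accepts mail for
# (what reject_unauth_destination checks against).
LOCAL_DOMAINS = {"example.com"}

# main.cf values from the quoted example (used by the port 25 service).
MAIN_CF = {
    "mynetworks": ["127.0.0.1"],
    "smtpd_recipient_restrictions":
        ["permit_mynetworks", "reject_unauth_destination"],
}
# master.cf "-o name=value" overrides, applied to the submission service only.
SUBMISSION_OVERRIDES = {
    "mynetworks": ["127.0.0.1", "192.168.0.0/16"],
    "smtpd_recipient_restrictions":
        ["permit_mynetworks", "permit_sasl_authenticated", "reject"],
}

def effective(service):
    """main.cf settings with that service's -o overrides layered on top."""
    cfg = dict(MAIN_CF)
    if service == "submission":
        cfg.update(SUBMISSION_OVERRIDES)
    return cfg

def in_networks(client_ip, networks):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def decide(service, client_ip, authenticated, rcpt):
    """Walk the restriction list in order; the first decisive result wins."""
    cfg = effective(service)
    domain = rcpt.rsplit("@", 1)[1].lower()
    for r in cfg["smtpd_recipient_restrictions"]:
        if r == "permit_mynetworks" and in_networks(client_ip, cfg["mynetworks"]):
            return "permit"
        if r == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if r == "reject_unauth_destination" and domain not in LOCAL_DOMAINS:
            return "reject"
        if r == "reject":
            return "reject"
    return "permit"  # end of list reached with no rejection

if __name__ == "__main__":
    for svc in ("smtp", "submission"):
        print(svc, decide(svc, "192.168.1.10", False, "bob@remote.test"))
```

With these settings a LAN client relays only through submission, and removing `permit_mynetworks` from `SUBMISSION_OVERRIDES` models the "require sasl AUTH" variation mentioned in the reply.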