Re: Restrictions after postscreen

Mon, 13 May 2013 18:59:47 -0700 

On 5/13/2013 8:42 PM, Noel Jones wrote:
> On 5/13/2013 6:34 PM, Steve Jenkins wrote:
>> On Wed, May 1, 2013 at 5:14 AM, /dev/rob0 <r...@gmx.co.uk
>> <mailto:r...@gmx.co.uk>> wrote:
>>
>>     >
>>     > Here are my current entries:
>>     >
>>     > smtpd_recipient_restrictions =
>>     >         permit_mynetworks,
>>     >         permit_sasl_authenticated,
>>
>>     I don't put these permit_* in global restrictions; I only apply them
>>     to submission via -o smtpd_relay_restrictions=... in master.cf
>>     <http://master.cf>. And
>>     that brings up another point: if you're using 2.10 you now have
>>     smtpd_relay_restrictions for relay control.
>>
>>
>> First, thanks for the extremely insightful help, Rob.
>>
>> OK - I commented those two lines out of smtpd_recipient_restrictions
>> as recommended, and added a new smtpd_relay_restrictions -o line to
>> submission in master.cf <http://master.cf>. My submission now reads:
>>
>> submission inet n       -       n       -       -       smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>   -o milter_macro_daemon_name=ORIGINATING
>>   -o
>> smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>>
>> However, I get this when sending a message from my home desktop
>> (connected via Comcast) via my personal Postfix server to my Gmail
>> test address:
> 
> Don't forget that all the other main.cf parameters are still in
> effect on your "submission" entry; likely you're seeing unintended
> spillover.
> 
> I suggest setting ALL the smtpd_*_restrictions entries for
> submission in master.cf so you don't have unexpected results.
> 
> submission inet n       -       n       -       -       smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o milter_macro_daemon_name=ORIGINATING
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=
>   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> 

and don't forget
  -o smtpd_data_restrictions=
  -o smtpd_end_of_data_restrictions=



> 
> 
>   -- Noel Jones
>

Reply via email to