Wietse Venema: > Wietse: > > I think it is a mistake to enforce Spamhaus for clients that connect > > to port 578. Clients on port 25 must authenticate.
Sorry, 25 should have been 578. > Ruben Safir: > > I agree, but I don't know how to control rules for 587? > > How do I tell it to do something only on port 587? > > In the stock master.cf file: > > #submission inet n - n - - smtpd > # -o syslog_name=postfix/submission > # -o smtpd_tls_security_level=encrypt > # -o smtpd_sasl_auth_enable=yes > # -o smtpd_tls_auth_only=yes > # -o smtpd_reject_unlisted_recipient=no > # Instead of specifying complex smtpd_<xxx>_restrictions here, > # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" > # here, and specify mua_<xxx>_restrictions in main.cf (where > # "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). > # -o smtpd_client_restrictions= > # -o smtpd_helo_restrictions= > # -o smtpd_sender_restrictions= > # -o smtpd_relay_restrictions= > # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject > # -o milter_macro_daemon_name=ORIGINATING > > Once the "#" is removed, the smtpd restrictions are: > > submission inet n - n - - smtpd > ... > -o smtpd_client_restrictions= > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_relay_restrictions= > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject > ... > > Note that there are no DNSBL checks on the submission port. > > Wietse >
