postfix-users March 2012 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: New default settings for "submission&quo

Re: New default settings for "submission" service?

From: Wietse Venema <wietse_at_nospam>
Date: Tue Mar 13 2012 - 23:50:21 GMT
To: Postfix users <postfix-users@postfix.org>

I'm going to keep it simple: one template for the submission (port 587)
service, and one for smtps (which still seems to be needed in some
places). Three mail submission-like templates becomes unwieldy.

- Both templates override the main.cf settings for smtpd_*_restrictions
to avoid surprises when changes are made to the "port 25" configuration.

- There are no extra syntax or domain existence checks. On the
contrary, I would suggest "-o smtpd_reject_unlisted_recipient=no"
because MUAs do not handle "user unknown" reject messages well. It
may be better to drop such notifications into the user's mailbox.

- These overrides are parametrized to encourage setting them in
main.cf instead of master.cf. Managing such parameters in main.cf
is a realistic possibility now that postconf actually has a clue
about master.cf settings.

#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

The mua_*_restrictions pseudo-parameters may be set in main.cf.
If, for example, mua_client_restrictions were to be set in main.cf,
then it would control both mail submission services. Otherwise,
the mua_*_restrictions pseudo-parameters all have empty values.

        Wietse