295248 Re: Best practice for implementing a policy service on submission port

  • Viktor Dukhovni
    Sep 4, 2013
      On Wed, Sep 04, 2013 at 01:06:52PM -0700, Quanah Gibson-Mount wrote:

      > Previous to Postfix 2.10 and the split between
      > smtpd_relay_restrictions and smtpd_recipient_restrictions, our
      > policy service check was in smtpd_recipient_restrictions, and
      > applied to both incoming and outgoing mail. With 2.10, in my
      > efforts to do things correctly, I have left the policy service on
      > port 25 with smtpd_recipient_restrictions, but for the submission
      > port I have:
      > -o smtpd_recipient_restrictions=
      > to strip it out. However, one of the things the policy service
      > (cluebringer/cbpolicyd) offers is rate limiting, which some clients
      > want to implement on their outgoing email.
      > Now, I could modify master.cf so it has:
      > -o smtpd_recipient_restrictions=<policy service bits>
      > but I was wondering if, for the submission port, there was a
      > different recommended method.

      To avoid being in a state of sin, you should only put relay control
      in smtpd_relay_restrictions. All other controls go elsewhere. Given
      the default setting of smtpd_delay_reject, you have many choices.


      Avoid putting explicit definitions of these in master.cf, instead:

      -o smtpd_client_restrictions=$submission_client_restrictions
      -o smtpd_helo_restrictions=$submission_helo_restrictions
      -o smtpd_sender_restrictions=$submission_sender_restrictions
      -o smtpd_relay_restrictions=$submission_relay_restrictions
      -o smtpd_recipient_restrictions=$submission_recipient_restrictions

      and define these in main.cf. Place non-relay controls in any of the four
      classes that make most sense to you.
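
One way the layout described in the reply above could look with both files filled in. This is an added example, not configuration from the thread: the restriction lists, the policy service address inet:127.0.0.1:10031, the SASL setting and the master.cf service line are assumptions.

```conf
# ---- main.cf (constructed example values) ----

# No extra checks at these stages for submission clients.
submission_client_restrictions =
submission_helo_restrictions =
submission_sender_restrictions =

# Relay control only: authenticated clients may relay, everything else is refused.
submission_relay_restrictions =
    permit_sasl_authenticated,
    reject

# Non-relay control: the policy service (rate limiting) is consulted per recipient.
# The listener address is an assumption; use the one your policy daemon binds to.
submission_recipient_restrictions =
    check_policy_service inet:127.0.0.1:10031

# ---- master.cf ----
# Only $name references here, so every policy change is made in main.cf.
submission inet n       -       n       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=$submission_client_restrictions
    -o smtpd_helo_restrictions=$submission_helo_restrictions
    -o smtpd_sender_restrictions=$submission_sender_restrictions
    -o smtpd_relay_restrictions=$submission_relay_restrictions
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
```

With the default smtpd_delay_reject = yes, all of these lists are evaluated at RCPT TO, after authentication, so the policy service sees the SASL login name for each recipient it is asked about.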

