Re: main.cf vs master.cf for smtpd restrictions

  • mouss
    Message 1 of 3 , Dec 17, 2007
      Charles Marcus wrote:
      > Ok, googling didn't reveal the answer, meaning I probably didn't find
      > the right key words... a clue stick with a simple pointer to the
      > appropriate docs is fine.
      >
      > How are restrictions (and other smtpd options) applied when set in
      > main.cf and in master.cf? Does one over-ride the other? Are they
      > cumulative? When is it better to set these in master for each port as
      > opposed to main, and why?
      >
      > My goal is:
      >
      > Port 25:
      > - Enforce TLS on all inbound connections
      > (we only accept connections from our outsourced anti-spam provider
      > remotely - and they support tls - and/or from sasl_auth clients locally)
      >
      > Port 587:
      > - Only allow sasl_auth clients to relay
      >
      > Currently, in master.cf, I have:
      >
      > smtp inet n - n - - smtpd
      > submission inet n - n - - smtpd
      >   -o smtpd_tls_security_level=encrypt
      >   -o smtpd_tls_auth_only=yes
      > # -o smtpd_sasl_auth_enable=yes
      >   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      >
      > and in main.cf I have:
      >
      > smtpd_recipient_restrictions =
      >   permit_sasl_authenticated,
      >   check_client_access cidr:/etc/postfix/client_no_relay.cidr,
      >   reject_unauth_destination,
      >
      > If I want to totally separate these and enforce each set of restrictions
      > the way I want, should I set each port's restrictions in master.cf and
      > remove these from main.cf?

      do both!

      master.cf:

      submission ....
      ...
        -o smtpd_client_restrictions=$submission_client_restrictions
        -o smtpd_helo_restrictions=$submission_helo_restrictions
        -o smtpd_sender_restrictions=$submission_sender_restrictions
        -o smtpd_recipient_restrictions=$submission_recipient_restrictions

      and in main.cf, define each submission_mumble_restrictions.

      The advantage is that you can use spaces in main.cf. Note that in either
      case, postconf won't show the values.
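
Added example (not part of the original thread and not Postfix code): a simplified Python model of how a restriction list is resolved per master.cf service. A `-o name=value` override replaces the main.cf value for that service rather than adding to it, and a `$name` reference is expanded from main.cf. The config text is constructed, the values given to the `submission_*_restrictions` parameters are assumptions, and built-in defaults and `${name}` syntax are not modelled.

```python
import re
# Constructed sample configs; the submission_* values are assumptions.
MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination
# User-defined parameters: spaces and line breaks are allowed here.
submission_client_restrictions = permit_sasl_authenticated, reject
submission_recipient_restrictions =
    permit_sasl_authenticated, reject
"""
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_client_restrictions=$submission_client_restrictions
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_main(text):
    return {k.strip(): v.strip() for k, v in
            (line.split("=", 1) for line in logical_lines(text))}

def parse_master(text):
    """Map each service name to its dict of -o overrides."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        opts = [fields[i + 1] for i, f in enumerate(fields[:-1]) if f == "-o"]
        services[fields[0]] = dict(o.split("=", 1) for o in opts)
    return services

def effective(service, param, main=MAIN_CF, master=MASTER_CF):
    """List used for `param` under `service`: override wins, then $name expands."""
    params = parse_main(main)
    value = parse_master(master)[service].get(param, params.get(param, ""))
    value = re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), ""), value)
    return [item for item in re.split(r"[,\s]+", value) if item]
```

Here `effective("smtp", "smtpd_recipient_restrictions")` returns the main.cf list, while the same call for `"submission"` returns only the list defined in `submission_recipient_restrictions`.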