Lab 9.4 - Enable Relaying Using SMTP Authentication in Postfix

persie.joseph

I think there is a typo in step 3 which reads:

# postconf -e "smtpd_recipient_restrictions" = \
permit_mynetworks,  \
permit_sasl_authenticated,       \
reject_unauth_destination",      \
reject

I believe it should instead read:

# postconf -e "smtpd_recipient_restrictions = \
permit_mynetworks,    \
permit_sasl_authenticated,       \
reject_unauth_destination,      \
reject"

Is the end goal not to have the following line(s) in main.cf?

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject

Also a note on versioning from the manual. I got the lab working (rejecting unathentuicated) using smtpd_relay_restrictions instead of smtpd_recipient_restrictions

       With  Postfix  versions  before 2.10, the rules for relay permission and spam blocking were combined
       under smtpd_recipient_restrictions, resulting in error-prone configuration.   As  of  Postfix  2.10,
       relay  permission  rules are preferably implemented with smtpd_relay_restrictions, so that a permis‐
       sive spam blocking policy under smtpd_recipient_restrictions will no longer result in  a  permissive
       mail relay policy.

       For  backwards  compatibility,  sites  that  migrate  from  Postfix  versions  before  2.10  can set
       smtpd_relay_restrictions to the empty value, and use smtpd_recipient_restrictions exactly as before.

lee42x

Thank you for your comments.

The postconf command; yes it appears the double quotes are not aligned correctly and you are correct the end goal is the line you described in main.cf. This will get fixed on the next version.

Thank you for the observation on smtpd_relay_restrictions vs smtp_recipient_restrictions. I'm thinking the default value for smtp_relay_restrictions has changed causing the lab to not work as documented. I will investigate this and confirm the operation. Which distribution are you using? The default configuration files are sometimes different on the various distributions.

Thank you for your input.

Lee

lee42x

Other than the fore mentioned typo with the quotes, the lab works as documented. I did get some syntax errors with SASL enabled that turned out to be capitalization requirement on the commands when using telnet.