I'm using The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3) - Page 4 and the values in /etc/postfix/master.cf are no longer as shown in the document. They were last week on my dry run, but now (for the main event) they are different. Any update on which of these to uncomment (in addition to the ones that remain the same as in the HOWTO) greatly appreciated. Gareth. Code: #tlsproxy unix - - - - 0 tlsproxy submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING
Your above example is ok. If you want to disallow normal mail deliveries from other servers over smtps and submission port, then you can also uncomment the line: -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject so these ports will only accept emails after the serbder authenticated itself. If you leve it as it is at the moment (whic is ok), these ports will behave like port 25 (accept emails for local mailboxes without authentication and require authentication for relaying).
