M postfix/main.cf => postfix/main.cf +4 -4
@@ 10,8 10,9 @@ inet_interfaces = all
# Values for default settings
mydomain = example.com
myhostname = mail.example.com
-mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain
+mydestination = $myhostname, $mydomain, localhost, localhost.localdomain
myorigin = $mydomain
+relay_domains = $myhostname, $mydomain
# Advertise host name after SMTP 200
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
@@ 31,15 32,14 @@ cyrus_sasl_config_path = /etc/sasl2/
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
+smtpd_relay_restrictions = reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
-#smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_security_options = noanonymous
+smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_service = smtpd
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
-smtpd_tls_wrappermode=yes
# Encryption
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
M postfix/main.cf.tls-in => postfix/main.cf.tls-in +4 -4
@@ 10,8 10,9 @@ inet_interfaces = all
# Values for default settings
mydomain = example.com
myhostname = mail.example.com
-mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain
+mydestination = $myhostname, $mydomain, localhost, localhost.localdomain
myorigin = $mydomain
+relay_domains = $myhostname, $mydomain
# Advertise host name after SMTP 200
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
@@ 29,15 30,14 @@ maillog_file = /dev/stdout
# Authentication
cyrus_sasl_config_path = /etc/sasl2/
+smtpd_relay_restrictions = reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
-#smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_security_options = noanonymous
+smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_service = smtpd
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
-smtpd_tls_wrappermode=yes
# Encryption
smtpd_tls_chain_files = /var/letsencrypt/chain.pem
M postfix/main.cf.tls-out => postfix/main.cf.tls-out +2 -1
@@ 10,8 10,9 @@ mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
# Values for default settings
mydomain = example.com
myhostname = mail.example.com
-mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain
+mydestination = $myhostname, $mydomain, localhost, localhost.localdomain
myorigin = $mydomain
+relay_domains = $myhostname, $mydomain
# Advertise host name after SMTP 200
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
M postfix/master.cf => postfix/master.cf +2 -2
@@ 24,11 24,11 @@ smtp inet n - n - - smtpd
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
- -o smtpd_relay_restrictions=permit
+# -o smtpd_relay_restrictions=permit
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
+ -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions