[Postfix] Split SASL passwd maps

[Postfix] create new smtp service to skip sender-dependent SASL map [Postfix] Hard-bounce on SASL errors
2025-01-12 16:14:45 +08:00 · 2018-12-19 09:39:35 +01:00 · 2018-12-19 09:39:35 +01:00 · cd72a4e18b
commit cd72a4e18b
parent 8f686c1543
2 changed files with 8 additions and 3 deletions
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@ -43,7 +43,9 @@ postscreen_pipelining_enable = no
 proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf,
-  proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps.cf,
+  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
+  proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf,
+  proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf,
@ -126,9 +128,11 @@ mydestination = localhost.localdomain, localhost
 smtp_address_preference = ipv4
 smtp_sender_dependent_authentication = yes
 smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps.cf
+smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
 smtp_sasl_security_options = 
 smtp_sasl_mechanism_filter = plain, login
 smtp_tls_policy_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
 smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
 mail_name = Postcow
+transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
+smtp_sasl_auth_soft_bounce = no
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@ -14,7 +14,6 @@ submission inet n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_tls_auth_only=no
  -o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
-
 590 inet n      -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_tls_auth_only=no
@ -24,6 +23,8 @@ smtp_enforced_tls      unix  -       -       n       -       -       smtp
  -o smtp_tls_security_level=encrypt
  -o syslog_name=enforced-tls-smtp
  -o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
+smtp_via_transport_maps      unix  -       -       n       -       -       smtp -v
+  -o smtp_sasl_password_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf

 tlsproxy   unix  -       -       n       -       0       tlsproxy
 dnsblog    unix  -       -       n       -       0       dnsblog