I’ve a Postfix server running for my own email and everything works fine. While I was upgrading the machine and decided to review the security settings / read and implement some best practices online and most online tutorials tell me to set
main.cf similarly to this:
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
And at the same time I also see people setting the
submission service under
submission inet n - y - - smtpd (...) -o smtpd_client_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
My question: Why does the
submission ends with
reject and under
main.cf nobody recommends ending the list with
reject? Aren’t they just the same thing according to the docs:
-o name=value (short form)
Override the named main.cf configuration parameter. The
parameter value can refer to other parameters as $name
etc., just like in main.cf. See postconf(5) for syntax.
Restrictions are applied in the order as specified; the first
restriction that matches wins. http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
If “the first restriction that matches wins” rule really applies won’t ending it with
reject would cause it to be impossible to send email at all?
It’s redundant. If you reach the end and haven’t matched anything, the default is
reject anyway. But having it there makes that explicit for people who don’t know what the default is.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.