From 7de9fe08df920f2858e679efa158401fdda69d6b Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Sun, 25 Apr 2021 23:37:44 +0200
Subject: [PATCH] postfix: cleanup smtpd configuration options

---
 postfix/templates/master.cf.j2 | 36 +++++++++++++---------------------
 1 file changed, 14 insertions(+), 22 deletions(-)

diff --git a/postfix/templates/master.cf.j2 b/postfix/templates/master.cf.j2
index 7d27464..a59b7b5 100644
--- a/postfix/templates/master.cf.j2
+++ b/postfix/templates/master.cf.j2
@@ -9,48 +9,40 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 
-{% if postfix_enable_postscreen and not postfix_satellite_only %}
-smtp      inet  n       -       y       -       1       postscreen
-{% else %}
+{% if postfix_satellite_only %}
 smtp     inet  n       -       y       -       -       smtpd
 {% endif %}
 {% if not postfix_satellite_only %}
+{% if postfix_enable_postscreen %}
+smtp      inet  n       -       y       -       1       postscreen
 smtpd     pass  -       -       y       -       -       smtpd
 {% if postfix_content_filter %}
   -o content_filter={{ postfix_content_filter }}
 {% endif %}
 dnsblog   unix  -       -       y       -       0       dnsblog
 tlsproxy  unix  -       -       y       -       0       tlsproxy
+{% else %}
+smtp     inet  n       -       y       -       -       smtpd
+{% endif %}
 {% if postfix_enable_submission %}
 submission inet n       -       y       -       -       smtpd
-  -o smtpd_sasl_security_options=noanonymous
-  -o smtpd_sasl_local_domain=$myhostname
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-  -o smtpd_sender_restrictions=reject_sender_login_mismatch
-  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
   -o syslog_name=postfix/submission
+  -o milter_macro_daemon_name=ORIGINATING
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 {% if postfix_content_filter %}
   -o content_filter={{ postfix_content_filter }}
 {% endif %}
-#  -o smtpd_tls_security_level=encrypt
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#  -o smtpd_client_restrictions=$mua_client_restrictions
-#  -o smtpd_helo_restrictions=$mua_helo_restrictions
-#  -o smtpd_sender_restrictions=$mua_sender_restrictions
-#  -o smtpd_recipient_restrictions=
-#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
 {% endif %}
 {% if postfix_enable_smtps %}
 smtps     inet  n       -       y       -       -       smtpd
   -o syslog_name=postfix/smtps
-  -o smtpd_tls_wrappermode=yes
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_reject_unlisted_recipient=no
-  -o smtpd_recipient_restrictions=
-  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+{% if postfix_content_filter %}
+  -o content_filter={{ postfix_content_filter }}
+{% endif %}
 {% endif %}
 #628	  inet  n       -       y       -       -       qmqpd
 {% endif %}
-- 
GitLab