Step 3: Add Submission Capability

mailto:pboy@fedoraproject.org[Peter Boy] Version F38 Last review: 2023-03-xx
Enable Postfix to accept submissions by mail clients.

You are in the Fedora Server documentation staging area!

These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation.

Status of this document: Work in progress, version 0.2 (early state).

You may help us and comment using the ticket system - see button above

Goals: TBD

  1. Enable Submission service in Postfix

    […]# vim /etc/postfix/master.cf
    # ==========================================================================
    # Submission acces for clients: Different rules apply to mail clients.
    # Dedicated to MUA's only.
    submission inet n       -       n       -       -       smtpd
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
     # delegate authorization to dovecot here
     -o smtpd_sasl_type=dovecot
     -o smtpd_sasl_path=private/auth
     -o smtpd_sasl_security_options=noanonymous
     -o smtpd_tls_auth_only=yes
     ## restrictions here overwrite those in main.cf for this service only
     -o smtpd_client_restrictions=$mua_client_restrictions
     -o smtpd_helo_required=no
     -o smtpd_helo_restrictions=$mua_helo_restrictions
     -o smtpd_sender_restrictions=$mua_sender_restrictio=
     -o smtpd_relay_restrictions=$mua_relay_restrictions
     -o milter_macro_daemon_name=ORIGINATING
     ## Remove privacy relevant headers from mail clients.
     -o cleanup_service_name=submission-header-cleanup
  2. Continue editing and add Service submission-header-cleanup at the end of service list

    ...
    ...
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    
    # ==================================================================== # Add
    # Define Service submission-header-cleanup to remove MUA header        # Add
    submission-header-cleanup unix n - n    -       0       cleanup        # Add
     -o header_checks=regexp:/etc/postfix/submission_header_cleanup        # Add
  3. Configure Submission Header Cleanup

    In "submission_header_cleanup" rules are stored according to which the submission service removes parts of the header supplied by clients (here privacy-relevant features).

    […]# vim /etc/postfix/submission_header_cleanup
    # /etc/postfix/submission_header_cleanup
    # Removes privacy relevant headers from
    # MTUAs emails
    
    /^Received:/            IGNORE
    /^X-Originating-IP:/    IGNORE
    /^X-Mailer:/            IGNORE
    /^User-Agent:/          IGNORE
  4. Add MUA specific rules to main configuration file

    Add to the end of file

    […]# vim /etc/postfix/main.cf
    # ##########################################
    #
    # Restrictions for MUAs (Mail User Agents)
    #
    # ##########################################
    mua_client_restrictions =
    	permit_mynetworks,
    	permit_sasl_authenticated,
    	reject
    ## mua_helo_restrictions empty by default here. For submission only, this overwrites the generell restrictions as defined elsewere.
    mua_helo_restrictions =
    
    mua_sender_restrictions =
    	permit_mynetworks,
    	reject_non_fqdn_sender,
    	## reject_sender_login_mismatch,
    	permit_sasl_authenticated,
    	reject
    mua_relay_restrictions =
    	reject_non_fqdn_recipient,
    	reject_unknown_recipient_domain,
    	permit_mynetworks,
    	permit_sasl_authenticated,
    	reject

DONE.

You can either start with using the mail service or continue and add advanced spam and junk control and other capabilities.

+