Step 3: Add Submission Capability

mailto:pboy@fedoraproject.org[Peter Boy] Version F38 Last review: 2023-03-xx
Enable Postfix to accept submissions by mail clients.

You are in the Fedora Server documentation staging area!

These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation.

Status of this document: Work in progress, version 0.2 (early state).

You may help us and comment using the ticket system - see button above

Goals: TBD

  1. Enable Submission service in Postfix

    […]# vim /etc/postfix/master.cf
# ==========================================================================
# Submission acces for clients: Different rules apply to mail clients.
# Dedicated to MUA's only.
submission inet n       -       n       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 # delegate authorization to dovecot here
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_security_options=noanonymous
 -o smtpd_tls_auth_only=yes
 ## restrictions here overwrite those in main.cf for this service only
 -o smtpd_client_restrictions=$mua_client_restrictions
 -o smtpd_helo_required=no
 -o smtpd_helo_restrictions=$mua_helo_restrictions
 -o smtpd_sender_restrictions=$mua_sender_restrictio=
 -o smtpd_relay_restrictions=$mua_relay_restrictions
 -o milter_macro_daemon_name=ORIGINATING
 ## Remove privacy relevant headers from mail clients.
 -o cleanup_service_name=submission-header-cleanup

  2. Continue editing and add Service submission-header-cleanup at the end of service list

    ...
...
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd

# ==================================================================== # Add
# Define Service submission-header-cleanup to remove MUA header        # Add
submission-header-cleanup unix n - n    -       0       cleanup        # Add
 -o header_checks=regexp:/etc/postfix/submission_header_cleanup        # Add

  3. Configure Submission Header Cleanup

    In "submission_header_cleanup" rules are stored according to which the submission service removes parts of the header supplied by clients (here privacy-relevant features).

    […]# vim /etc/postfix/submission_header_cleanup
# /etc/postfix/submission_header_cleanup
# Removes privacy relevant headers from
# MTUAs emails

/^Received:/            IGNORE
/^X-Originating-IP:/    IGNORE
/^X-Mailer:/            IGNORE
/^User-Agent:/          IGNORE

  4. Add MUA specific rules to main configuration file

    Add to the end of file

    […]# vim /etc/postfix/main.cf
# ##########################################
#
# Restrictions for MUAs (Mail User Agents)
#
# ##########################################
mua_client_restrictions =
	permit_mynetworks,
	permit_sasl_authenticated,
	reject
## mua_helo_restrictions empty by default here. For submission only, this overwrites the generell restrictions as defined elsewere.
mua_helo_restrictions =

mua_sender_restrictions =
	permit_mynetworks,
	reject_non_fqdn_sender,
	## reject_sender_login_mismatch,
	permit_sasl_authenticated,
	reject
mua_relay_restrictions =
	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain,
	permit_mynetworks,
	permit_sasl_authenticated,
	reject

DONE.

You can either start with using the mail service or continue and add advanced spam and junk control and other capabilities.

+

Want to help? Learn how to contribute to Fedora Docs