Hello Postfix users,

I made a relatively comprehensive tutorial[1] on how to set up a mail server
(Postfix, Dovecot, Rspamd, ...) and integrate it with Nextcloud. My goal was to
create an all-in-one, step-by-step tutorial from beginning to end.

I partly used other tutorials as a basis, but also did a lot of research and

real life reasons not to use reject_unknown_client_hostname

The documentation[1] and several e-mails here mention that
reject_unknown_client_hostname can reject legitimate e-mails.

What exactly are these scenarios? When do they occur in real life? Are
there really legitimate mail servers that don't have a reverse DNS
record that resolves to their IP?

I would like to know so that I can decide whether I should care and
whether I can use this option for my setup.

non TLS Auth only from local

Is there a way to announce and allow unencrypted SMTP authentication (AUTH
LOGIN) only from

I want Roundcube (webmailer) to use the user's credentials when sending mail
for them, and for performance reasons this should not require TLS. But when
remote clients connect they should not be able to use unencrypted


smtpd_sender_restrictions and reject_sender_login_mismatch


I am having trouble understanding how *reject_sender_login_mismatch* works in
the context of *smtpd_sender_restrictions*.

1.) Am I right in assuming that *smtpd_sender_restrictions* is a "blacklist"
meaning that if a sender address isn't matched by any parameter it will be
permitted implicitly?

2.) The documentation states: "Reject the request when $smtpd_sender_login_maps
specifies an owner for the MAIL FROM address...".