On May 8, 2020, at 3:20 PM, Mark Sapiro <mark@msapiro.net> wrote:
We tend to do this differently. For example, on mail.python.org which currently has 261 Mailman 2.1 lists and 134 Mailman 3 lists and sends about 135,000 individual messages per day from the two Mailman instances, we define in /etc/postfix/master.cf
127.0.0.1:8026 inet n - - - - smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_data_restrictions=
    -o receive_override_options=no_unknown_recipient_checks
    -o smtpd_milters=inet:127.0.0.1:8891
Then port 8026 only accepts locally generated mail and only does dkim signing (milter on port 8891) and essentially no other checks.
Then in the [mta] section in mailman.cfg we only need
smtp_port: 8026
Yep - I used to do something similar back when I was running dspam with mm2.1. This is slightly more complicated to set up, but cleaner.
- Mark
mark@pdc-racing.net | 408-348-2878
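
An added example, not part of either message: a small Python audit of what the port 8026 listener described above depends on once the usual smtpd checks are switched off, namely a loopback-bound service, a loopback-only mynetworks override, and recipient restrictions that end in reject. The sample entries and function names are constructed for illustration, and only the plain "-o name=value" override form is parsed.

```python
import ipaddress

# Constructed sample: the message's listener plus a hypothetical wider variant.
SAMPLE = """\
127.0.0.1:8026 inet n - - - - smtpd
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
8026 inet n - - - - smtpd
  -o mynetworks=127.0.0.0/8,10.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks
"""

def services(text):
    """Yield (service, type, command, overrides) per logical master.cf entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:  # leading whitespace continues an entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for f in map(str.split, logical):
        if len(f) >= 8:  # service type private unpriv chroot wakeup maxproc command
            opts = dict(a.partition("=")[::2] for p, a in zip(f[8:], f[9:]) if p == "-o")
            yield f[0], f[1], f[7], opts

def loopback_only(value):
    """True if value lists at least one address/network and all are loopback."""
    items = value.translate(str.maketrans(",", " ", "[]")).split()
    try:
        nets = [ipaddress.ip_network(v, strict=False) for v in items]
    except ValueError:
        return False
    return bool(nets) and all(n.is_loopback for n in nets)

def audit(text):
    """Return {service: [findings]} for inet smtpd entries using permit_mynetworks."""
    report = {}
    for svc, typ, cmd, o in services(text):
        rcpt = o.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
        if typ == "inet" and cmd == "smtpd" and "permit_mynetworks" in rcpt:
            checks = [
                (not loopback_only(svc.rpartition(":")[0]), "listener not on loopback"),
                (not loopback_only(o.get("mynetworks", "")), "mynetworks not loopback-only"),
                (rcpt[-1] != "reject", "recipient restrictions do not end in reject"),
            ]
            report[svc] = [msg for failed, msg in checks if failed]
    return report
```

Calling audit() on the text of a master.cf file returns an empty list for an entry shaped like the one in the message and a list of findings for an entry that trusts more than loopback.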