This adds some security accepting only valid email / alias address for login
It was possible to send mail like as: invalid@gmail.com even though login were troll@spam.site
Now only valid email / alias for login are allowed: valid@alias.email logged in as user@domain.tld
It's recommended to change HowtoForge installation tutorials regarding /etc/postfix/master.cf:
submission inet n - y - - smtpd
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#uncomment below line for mandatory STARTTLS on TCP port 587
# -o smtpd_tls_security_level=encrypt
smtps inet n - y - - smtpd
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes
Here I explain why I recommend to remove below lines from /etc/postfix/master.cf:
#this is already defined in /etc/postfix/main.cf
-o smtpd_sasl_auth_enable=yes
#these are just for logging, not needed
-o syslog_name=postfix/smtps
-o syslog_name=postfix/submission
#this is already defined in /etc/postfix/main.cf as MAY what is perfectly fine
-o smtpd_tls_security_level=encrypt
Note: tested in productive email server, everything worked fine including DKIM signing.