Config ok for TLS/SASL/Client Cert via port 587?

2 msg	Remote backup Postfix server
7 msg	chose interface for outgoing mail
2 msg	Illegal address syntax ... in MAIL command: <...
1 msg	Mail Infrastructure and Zertificon
1 msg	sasl password
6 msg	postfix TLS (configuration/user) problem
7 msg	Virtual Alias Domain
3 msg	copy of email
2 msg	DNS Caching?
5 msg	Using mysql for mynetworks
5 msg	Blocking e-mail from a domain, to a particular ...
5 msg	prevent open relay
15 msg	cannot get mail from outside to my smtp server
6 msg	Error connecting Postfix to LDAP

Config ok for TLS/SASL/Client Cert via port 587?
\ Patrick (12 Mar 2008)
. \ Victor Duchovni (12 Mar 2008)
. . \ Patrick (12 Mar 2008)
. . . \ Victor Duchovni (12 Mar 2008)
. . . . \ Patrick (13 Mar 2008)

7 msg	mail flow architecture
3 msg	virtual forward + deliver
1 msg	Re: RESOLVED: Using Canonical Maps as an Overri...
14 msg	dual mail server
3 msg	how to specify different outgoing IP

Subject:	Config ok for TLS/SASL/Client Cert via port 587?
Group:	Postfix-users
From:	Patrick
Date:	12 Mar 2008

Hi all,

I would like to setup port 587 with TLS/SASL and client certificates so
I can relay email with Evolution from my laptop when I'm working remote.
Did some reading and here's what I've come up with so far. I'm using a
self signed CA and clients certs are signed by that self-signed CA.
Is this master.cf config correct?

submission inet n - n - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_tls_CAfile = /etc/postfix/CAcert.pem
-o smtpd_tls_security_level = encrypt
-o smtpd_tls_ask_ccert = yes
-o smtpd_tls_req_ccert = yes
-o smtpd_tls_fingerprint_digest = sha1
-o relay_clientcerts = hash:/etc/postfix/relay_clientcerts
-o permit_tls_clientcerts
-o smtpd_sasl_auth_enable = yes
-o smtpd_client_restrictions = permit_sasl_authenticated, reject

Is this all that's needed or do I have to fiddle with main.cf too?

Thanks for your feedback.

Regards,
Patrick