On Mon, Aug 04, 2008 at 02:40:54PM -0400, Brian Evans - Postfix List wrote: > Nicolas KOWALSKI wrote: >> On Mon, Aug 04, 2008 at 12:29:34PM -0400, Brian Evans - Postfix List wrote: >> >>>> A *better* way is force them to Authenticate using SASL. >>>> See http://www.postfix.org/SASL_README.html >>>> Postfix supports either Cyrus or Dovecot SASL. >>>> >>> P.S. This is if you fully trust and know this host >> >> Yes, I fully trust this host. Actually, it is the mx backup for my home >> server: >> >> $ host petole.dyndns.org >> petole.dyndns.org has address 87.90.240.206 >> petole.dyndns.org mail is handled by 10 demisel.dyndns.org. >> petole.dyndns.org mail is handled by 5 petole.dyndns.org. >> >> Can I use authentication for MX? >> > I would highly recommend setting SASL up on both ends in this case. This > is much more secure and reliable than whitelisting a dynamic host. > See the above link for details.
Just to close this thread, we implemented SMTP AUTH over TLS between my server and its secondary MX, and it works perfectly. Thanks for your suggestions, -- Nicolas
