On 04/22/10 19:21, /dev/rob0 wrote:
> On Wed, Apr 21, 2010 at 09:49:49PM -0500, Noel Jones wrote:
>
>> "submission" is commented out in the default postfix config because
>> a relatively small subset of folks using postfix need it, and it's
>> not nice to open ports not needed.
>>
> I would say that the subset is (or will soon be) a majority of sites,
> given the widespread blocking of port 25 for end users. However, as a
> default, it would not make sense to enable submission, because it
> relies on external software to provide SASL AUTH. Postfix is designed
> to work stand-alone, out of the box.
>
> In another part of this thread, the OP mentioned having read that
> "smtpd_delay_reject = no" was a good idea. Much thought has gone into
> Postfix default settings. Sometimes these defaults need to be changed
> for a site, but the best thing to do is to consult the documentation
> and find what the reasoning was for the default setting. The default
> smtpd_delay_reject=yes makes good sense in most cases. Inexperienced
> people often think that getting rid of them at CONNECT is going to
> save bandwidth, but there is no evidence to support this. It's just
> as likely that poorly-coded spam clients are going to connect again
> and keep trying. Penny wise, pound foolish.
>

I haven't tried whether my sasl auth on default port works now, but I have noticed a huge increase in spam getting passed; I haven't looked if I can do RBL in amavis (I should?) But postfix isn't rejecting any RBL anymore with the SMTP relay yes?

I'm sorry for not knowing all I should know, I'm no postfix expert :) and I thought I understood it, but not well enough it seems. I suppose I could override smtpd_delay on port 587 via master.cf and have it set to 'no' in my postfix.conf, and just live with the idea that port 25 is kinda off limits for regular 'users' from now on? It sits wrong with me in a sense, but I'm sure I just don't get postfix's main.cf enough :(

oliver