On 4/22/2010 5:16 PM, Oliver Schinagl wrote:
On 04/22/10 19:21, /dev/rob0 wrote:
On Wed, Apr 21, 2010 at 09:49:49PM -0500, Noel Jones wrote:

"submission" is commented out in the default postfix config because
a relatively small subset of folks using postfix need it, and it's
not nice to open ports not needed.

I would say that the subset is (or will soon be) a majority of sites,
given the widespread blocking of port 25 for end users. However, as a
default, it would not make sense to enable submission, because it
relies on external software to provide SASL AUTH. Postfix is designed
to work stand-alone, out of the box.

In another part of this thread, the OP mentioned having read that
"smtpd_delay_reject = no" was a good idea. Much thought has gone into
Postfix default settings. Sometimes these defaults need to be changed
for a site, but the best thing to do is to consult the documentation
and find what the reasoning was for the default setting. The default
smtpd_delay_reject=yes makes good sense in most cases. Inexperienced
people often think that getting rid of them at CONNECT is going to
save bandwidth, but there is no evidence to support this. It's just
as likely that poorly-coded spam clients are going to connect again
and keep trying. Penny wise, pound foolish.

I haven't tried whether my sasl auth on default port works now, but I
have noticed a huge increase in spam getting passed; I haven't looked if
I can do RBL in amavis (I should?) But postfix isn't rejecting any RBL
anymore with the SMTP relay yes?

Unrelated. The setting of smtpd_delay_reject will have no effect on RBL lookups. If your RBLs aren't working anymore, you should double check the other things you changed.

You should leave smtpd_delay_reject at its default setting of yes unless you have a full understanding of why you might or might not want to change it. Indeed, all the postfix default settings are carefully chosen and shouldn't be changed without careful research or advice from a reliable source[1].

[1] Advice you receive on this list can be considered peer-reviewed and reliable. Advice found on the postfix.org web site can be considered authoritative and accurate. Advice found on some Google-suggested web site may or may not have been peer-reviewed, and may or may not be accurate or current; use with caution.

If you need help, you know the drill -- "postconf -n" and logs showing the problem.

I suppose I could override smtpd_delay on port 587 via master.cf and
have it set to 'no' in my postfix.conf, and just live with the idea that
port 25 is kinda off limits for regular 'users' from now on? It sits
wrong with me in a sense, but I'm sure I just don't get postfix's
main.cf enough :(

While there are good reasons to only offer AUTH on port 587, this isn't one of them.


  -- Noel Jones
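
An added example, not part of the original message and not code from the Postfix project: a small Python audit of `postconf -n` output that checks the two things discussed above, whether `smtpd_delay_reject` was moved off its default and whether an RBL restriction is still present and reachable in the `smtpd_*_restrictions` lists. The sample output, host name and DNSBL zone are constructed.

```python
import re

# Constructed sample of `postconf -n` output (not taken from the thread).
SAMPLE = """\
myhostname = mail.example.com
smtpd_delay_reject = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, permit,
    reject_rbl_client dnsbl.example.org
"""

RBL = re.compile(r"^reject_(rbl_client|rhsbl_\w+)$")

def parse_postconf(text):
    """Return {name: value}, joining folded continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def audit(text):
    """Return a list of findings about delay_reject and RBL placement."""
    params = parse_postconf(text)
    findings = []
    if params.get("smtpd_delay_reject", "yes") != "yes":
        findings.append("smtpd_delay_reject is not at its default (yes)")
    rbl_lists = []
    for name, value in params.items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        # Restrictions are separated by commas and/or whitespace; an RBL
        # restriction takes its zone name as the following token.
        tokens = [t for t in re.split(r"[,\s]+", value) if t]
        for i, tok in enumerate(tokens):
            if RBL.match(tok):
                rbl_lists.append(name)
                # A bare "permit" earlier in the same list ends evaluation
                # of that list, so the RBL check after it never runs.
                if "permit" in tokens[:i]:
                    findings.append(f"{name}: 'permit' precedes {tok}, so it is never reached")
    if not rbl_lists:
        findings.append("no reject_rbl_client/reject_rhsbl_* in any smtpd_*_restrictions")
    return findings
```
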
