On 12/8/11 1:49 PM, Grant wrote:
>>>> 25 is used by your MTA to receive *incoming* messages from other
>>>> administrative domains (organizations).
>>>
>>> Port 25 is never used to submit outbound messages? If not, I'm
>>> confused as to why Squirrelmail describes its "SMTP Port" setting this
>>> way:
>>>
>>> This is the port to connect to for SMTP. Usually 25.
>>
>> It *was* used to submit outbound messages, but this has proven susceptible
>> to open-relay exploits, etc.
>>
>> You're really better off using 587 exclusively.
>
> Is it alright to send on port 25 from Squirrelmail when it's on the
> same machine as postfix? That way I can make 587 require TLS and
> authentication but not require that local Squirrelmail encrypt or
> authenticate.

No, I'd do exactly what I said we do here: run 587 on the loopback interface only, and not require authentication.

> Also, should I have some sort of config that prevents the port 25
> open-relay exploit you mentioned?
>
> - Grant

You already have it in the form of the $relay_domains list.

-Philip
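
An added example, not part of the thread and not Postfix's own code: a Python check over a constructed master.cf that flags any port-587 listener reachable beyond loopback unless it enforces TLS and SASL authentication, which is the split discussed above. It assumes the settings appear as `-o name=value` overrides in master.cf rather than globally in main.cf; the sample file and the 192.0.2.10 address are constructed.

```python
import ipaddress

# Constructed master.cf sample (not from the thread): a loopback-only 587
# listener without auth, a public "submission" listener enforcing TLS + SASL,
# and a hypothetical public listener on 192.0.2.10 that forgot to enforce TLS.
SAMPLE_MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command + args
smtp              inet n - n - - smtpd
127.0.0.1:587     inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=no
submission        inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
192.0.2.10:587    inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
"""

# What a listener exposed beyond loopback must override (assumed policy).
REQUIRED = {"smtpd_tls_security_level": "encrypt", "smtpd_sasl_auth_enable": "yes"}

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; an empty host means all interfaces."""
    try:
        return host == "localhost" or ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def audit_submission(text):
    """Return {service: [problems]} for every inet listener on port 587."""
    report = {}
    for line in logical_lines(text):
        f = line.split()
        host, _, port = f[0].rpartition(":")
        if len(f) < 8 or f[1] != "inet" or port not in ("587", "submission"):
            continue
        opts = dict(a.split("=", 1) for a in f[8:] if "=" in a)
        report[f[0]] = [] if is_loopback(host) else [
            f"{k} is not {v}" for k, v in REQUIRED.items() if opts.get(k) != v]
    return report
```
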