Patrick Ben Koetter:
> Wietse et al.
>
> With the arrival of postscreen, but also before, I find myself repeatedly
> changing the defaults for the 'submission' service in master.cf. I believe the
> changes I apply are not rooted in my local mail policies, but of general
> nature.
>
> Now that submission has become more popular I'd like to discuss if the current
> settings should be modified to work better with an MTA that runs different
> policies for port 25 and 587, which I believe has become the standard use case
> for 'a mailserver'.

Indeed. Of course, not every MTA needs to provide "port 587" submission
service. Enabling an unused service by default would be undesirable as it
may produce unexpected results.

Different sites have different needs, and perhaps it is an idea to provide
*multiple* submission service examples in master.cf, all commented out of
course.

The first could be the recommended one: not allowing plaintext sessions is
good as a general rule.

The second example could allow plaintext sessions (level = may) but allow
plaintext passwords only over encrypted sessions.

I would not recommend smtpd_delay_reject=no. With that, the sysadmin has no
clue about what mail is blocked. Even postscreen tries to capture sender and
recipient information.

	Wietse
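
An added illustration of the two commented-out variants described in the reply above; it is not part of the original thread and not the master.cf that Postfix ships. The service-line columns, the syslog_name value and the client restriction are assumptions chosen for the sketch.

```conf
# Constructed illustration. Enable at most one entry: both listen on port 587.

# Example 1 (the recommended one): no plaintext sessions at all.
# TLS is mandatory before any mail transaction or AUTH can take place.
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Example 2: plaintext sessions are allowed (level = may), but SASL AUTH is
# announced and accepted only after STARTTLS, so plaintext passwords are
# sent over encrypted sessions only.
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=may
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Neither entry overrides smtpd_delay_reject. With the default (yes),
# a client rejection is postponed until RCPT TO, so the log entry for a
# blocked message still records its sender and recipient.
```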