* Wietse Venema <postfix-users@postfix.org>:
> Patrick Ben Koetter:
> > Wietse et al.
> >
> > With the arrival of postscreen, but also before I find myself repeatedly
> > changing the defaults for the 'submission' service in master.cf. I believe the
> > changes I apply are not rooted in my local mail policies, but of general
> > nature.
> >
> > Now that submission has become more popular I'd like to discuss if the current
> > settings should be modified to work better with an MTA that runs different
> > policies for port 25 and 587, which I believe has become the standard use case
> > for 'a mailserver'.
>
> Indeed. Of course, not every MTA needs to provide "port 587"
> submission service. Enabling an unused service by default would be
> undesirable as it may produce unexpected results.

Agreed.

> Different sites have different needs, and perhaps it is an idea to
> provide *multiple* submission service examples in master.cf, all
> commented out of course. The first could be the recommended one:
> not allowing plaintext sessions is good as a general rule. The
> second example could allow plaintext sessions (level = may) but
> allow plaintext passwords only over encrypted sessions.

I'll be on a train for quite some time today. That will give me time to work
out some examples.

> I would not recommend smtpd_delay_reject=no. With that, the sysadmin
> has no clue about what mail is blocked. Even postscreen tries to
> capture sender and recipient information.

You would not recommend it in general or not on 587? The latter would be my
recommendation:

- Do not delay on port 25 for MTA to MTA communication
- Delay on port 587 for MUA to MTA communication

p@rick

--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
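
Added example, not part of the original message and not Postfix's own code: a small Python check that reads master.cf text and reports which of the submission variants discussed above (TLS required, or level = may with passwords only over encrypted sessions) an entry matches. The sample entries are constructed, the function names are hypothetical, and the check assumes plain `-o name=value` overrides and does not read main.cf.

```python
# Added example: classify a master.cf "submission" entry by its -o overrides.
# The SAMPLE_* strings are constructed inputs, not configuration from the thread.
SAMPLE_STRICT = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""
SAMPLE_OPPORTUNISTIC = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
"""
SAMPLE_WEAK = """\
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
"""

def service_overrides(master_cf, service="submission"):
    """Return the -o name=value overrides of one inet service, or None if absent."""
    logical = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    for entry in logical:
        fields = entry.split()
        if fields[:2] == [service, "inet"]:
            return dict(f.split("=", 1) for p, f in zip(fields, fields[1:])
                        if p == "-o" and "=" in f)
    return None

def classify(master_cf):
    """Map the submission entry to one of the variants named in the thread."""
    opts = service_overrides(master_cf)
    if opts is None:
        return "no submission service"
    level = opts.get("smtpd_tls_security_level", "unset")
    if level == "encrypt":
        return "TLS required"
    if level == "may" and opts.get("smtpd_tls_auth_only") == "yes":
        return "TLS optional, AUTH only over TLS"
    return "plaintext AUTH possible unless main.cf forbids it"
```

Because only master.cf overrides are inspected, the last result means the entry itself does not enforce encryption; the effective setting may still come from main.cf.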