On 1/24/2013 3:49 PM, b...@bitrate.net wrote:
>
> On Jan 24, 2013, at 01.08, Stan Hoeppner wrote:
>
>> On 1/23/2013 2:23 PM, Grant wrote:
>>>>> I thought my postfix setup was configured to send mail on port 587 and
>>>>> receive mail on port 25, so I was surprised to find that I could send
>>>>> mail from the local machine on port 25. Is my config OK?
>>>>
>>>> Postfix never sends mail *from* TCP 25 or TCP 587. These are receive
>>>> ports. Outbound connections occur on high ports. You're not properly
>>>> describing your use case, actually not at all. Would you please?
>>>
>>> You're right, I didn't word that correctly. I thought mail received
>>> on port 25 could only be delivered locally with my config, but I was
>>> able to send mail to any destination via port 25. The mail client and
>>> mail server are on the same machine.
>>
>> You haven't identified a problem Grant.
>
> it seems quite clear to me the behavior he is attempting to
> understand/correct.

It's not clear at all. Read above. He says he's "configured to send mail on port 587" which suggests ADSL/cable/consumer outbound submission to his ISP, not inbound submission to Postfix.

> commendably, he is at least making an attempt to properly use submission
> [which, btw, is far from "useless" and has nothing to do with the route a
> packet might take].

The primary features of the submission service are TLS encryption and authentication. Neither is needed for interprocess communication, as I explained to Jeroen. The "packet" transfer here is simply a write to local memory by the MUA and a read from it by Postfix. So unless someone has a rogue program installed on his box that is eavesdropping his TCP stack, the two primary features of the submission service are absolutely useless in this scenario. Even the user logging of submission is useless, as it's a single user box.

If he needs to separate inbound/outbound smtpds for *other* reasons, such as separate smtpd_foo_restrictions, then a separate inbound smtpd might make sense. But in that case, simply create another smtpd service definition from scratch, that listens on an arbitrary port, that does not require auth or TLS, which again, are useless for interprocess communication as they add no meaningful security to the transaction.

-- 
Stan
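
The kind of separate smtpd service definition the reply above describes, as an added example that is not part of the original message. The port 10025, the syslog name, and the restriction list are assumptions chosen for illustration; the listener is bound to the loopback address so that dropping auth and TLS only applies to clients on the same machine.

```conf
# /etc/postfix/master.cf (added example, not from the thread)
# Extra smtpd listener for the local MUA only. Port 10025 is an arbitrary choice.
# service       type  private unpriv  chroot  wakeup  maxproc command + args
127.0.0.1:10025 inet  n       -       n       -       -       smtpd
  # Tag log lines so this listener is distinguishable from the port 25 smtpd.
  -o syslog_name=postfix/localsubmit
  # No TLS and no SASL on this listener: the client is a local process.
  -o smtpd_tls_security_level=none
  -o smtpd_sasl_auth_enable=no
  # Only loopback clients are trusted here, regardless of main.cf mynetworks.
  -o mynetworks=127.0.0.0/8
  # Relay for loopback clients, refuse everything else.
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
```

Run `postfix check` and then `postfix reload` after editing master.cf. If the bind address is changed from 127.0.0.1 to a routable one, this listener becomes an unauthenticated entry point and the reasoning about local-only traffic no longer holds.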