On Apr 11, 2013, at 20.11, LuKreme <krem...@kreme.com> wrote: > Reindl Harald opined on Thursday 11-Apr-2013@16:58:28 >> mynetworks should be genrally used with care and only for specific >> address instead whole networks with sooner or later potentially >> infected clients which can be banned if using auth even if the >> malware leaks auth data and abuse it from outside > > Mynetworks currently contains the mail server, the webmail server, and my > home fixed IP since I do not have secure submission working as of now.
i would very strongly encourage you to get a properly configured submission service up and running. it's really not terribly difficult, and there's just no reason for a webmail server nor whatever email programs you use at home to not be authenticating. in all honesty, i'm a proponent of doing away with mynetworks entirely, and if truly necessary, using check_client_access instead. > I’m reading up on dovecot-1.2.17 and dovecot-2.1.16 and trying to decide if I > can switch to either of those without breaking everything. One item of > concern was reading a comment that “postfix hands the mail off to dovecot for > local delivery” which makes me think I will lose procmail as my LDA. That > would be bad. you can certainly upgrade without breaking everything. as with anything else, it just takes some care and consideration. as far as procmail goes, i'd consider losing procmail to be a benefit. why do you think you need it? > I’m also wondering if I can set dovecot up to only work with port 587 and > keep cyrus-sasl for port 993, at least for now. I know it seems redundant, > and it would be a stepping stone to ensure that current users are able to > connect as they do now. (IMAP-SSL with “Password” for either local users or > mysql users). does this mean that you want to use dovecot sasl with postfix, for submission, and cyrus sasl with your imap software? it's certainly possible, but i question the actual benefit. -ben
