On 07/09/2013 05:10 AM, Dotan Cohen wrote:
on a related note, as this is for humans to send mail from their mail
clients, you'll want to configure a proper submission [port 587] service.
see the commented example in master.cf for a starting point. smtp auth
should be offered only via the submission service, and not via mx service
[port 25]. additionally, encryption should be required for submission
traffic.
Are you referring to this:
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
No, the service you're looking for is "submission", not "smtps". SMTPS
is a deprecated means of submission and you only need it if your users
are using a very old version of one particular email client in which
case they likely have other problems.
Peter
