On 26 Aug 2013, at 21:24 , John Allen <j...@klam.ca> wrote: > remove the permit_mynetworks from all the various smtpd_xxxx_restrictions > stanzas of main.cf. Then modify the master.cf by adding > -o smtpd_client_restrictions=hash:Deny_Mynetworks_Access,..... > to the smtp service, and add > -o smtpd_client_restrictions=permit_mynetworks,..... > to the submission service. > > This should deny access to the smtp port (25) from the local networks while > allowing access to the submission port (587).
That seem like a bit much. I allow the web-server (which hosts the webmail) in mynetworks, since users mailing from there are already authenticated. I can see there are situations where it would be a good idea. -- "If I were willing to change my morals for convenience or financial gain, we wouldn't be arguing, because I'd already *be* a Republican." -- Wil Shipley
