Hi,
Up to now I have been using postfix as an internal server at home relaying messages from internal clients to my ISP, but also receiving mail on port 25.
Now my wife has an Android, I'd like to enable her to send mail through the server when out and about. With the options I have with the ClearOS front end, to allow user/pass authentication it sets:
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
Unfortunately this opens up user/pass authenticated relaying to port 25 as well as 587 and is vulnerable to being brute forced. It appears at the moment that just about all brute forcing happens on port 25. Is there any combination of parameters which will deny user/pass authentication for relaying on 25, allow it on 587 and will allow permitted networks (my LAN and Webmail server) without authentication? From reading I am not sure if changing smtpd_tls_auth_only to yes will help and may cut off port 25 for receiving mail completely.

If it helps, I have the following set:
smtpd_sender_restrictions = permit_mynetworks,
                            permit_sasl_authenticated,
                            reject_non_fqdn_sender,
                            reject_invalid_hostname,
                            reject_rhsbl_sender
                            dsn.rfc-ignorant.org
                            permit

Ultimately I'd like to go down the certificate only route but this is longer term and I need to research Android clients which can use certificates. I understand my favourite desktop client, Thunderbird, does not use them very cleverly so may not be suitable for Android. This is a longer term project.

TIA,

Nick
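
An added example, not part of the original post or of ClearOS: a small audit that computes, for each smtpd listener in master.cf, the effective smtpd_sasl_auth_enable and smtpd_tls_auth_only after "-o" overrides are applied on top of main.cf. Both sample master.cf texts and the per-service layout are constructed assumptions; only the two main.cf values in AS_POSTED_MAIN come from the post.

```python
import shlex

def logical_lines(text):
    """Join Postfix continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def main_params(main_cf):
    """main.cf text -> {parameter: value}."""
    pairs = (l.partition("=") for l in logical_lines(main_cf))
    return {k.strip(): v.strip() for k, _, v in pairs}

def sasl_exposure(main_cf, master_cf):
    """Per inet smtpd listener: effective (smtpd_sasl_auth_enable, smtpd_tls_auth_only)."""
    base, result = main_params(main_cf), {}
    for entry in logical_lines(master_cf):
        f = shlex.split(entry)
        # master.cf columns: service type private unpriv chroot wakeup maxproc command args
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        args = f[8:]
        over = dict(args[i + 1].split("=", 1)
                    for i in range(len(args) - 1) if args[i] == "-o")
        eff = {**base, **over}
        # Postfix defaults to "no" for both parameters when they are unset.
        result[f[0]] = (eff.get("smtpd_sasl_auth_enable", "no"),
                        eff.get("smtpd_tls_auth_only", "no"))
    return result

# Global setting as in the post; master.cf below is constructed for illustration.
AS_POSTED_MAIN = "smtpd_sasl_auth_enable = yes\nsmtpd_tls_auth_only = no\n"
PLAIN_MASTER = "smtp inet n - n - - smtpd\nsubmission inet n - n - - smtpd\n"

# Constructed alternative: AUTH off globally, enabled only on the submission service.
SPLIT_MAIN = "smtpd_sasl_auth_enable = no\n"
SPLIT_MASTER = """smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
"""

if __name__ == "__main__":
    print("as posted  :", sasl_exposure(AS_POSTED_MAIN, PLAIN_MASTER))
    print("per-service:", sasl_exposure(SPLIT_MAIN, SPLIT_MASTER))
```

In the second layout the port 25 listener still accepts inbound mail but never offers AUTH, while 587 offers it only after STARTTLS.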
