On Wed, Mar 20, 2019 at 04:01:24PM +0100, Yassine Chaouche wrote:
> I don't seem to get the idea of submission, I know I must be wrong, b/c
> so many articles out there preach to use a different port for
> submission, but I hope to find some argument in your replies that will
> make me change my mind.
The real difference is that on the submission port you can pass the
ORIGINATING macro to DKIM milters to sign *outbound* mail, while
on the inbound relay port you'll DKIM verification of remotely
originated email.
You would also front-end smtpd(8) with postscreen on port 25, and
apply RBLs that reject clients listed in RBLs, ... but not do either
on 587.
Your configuration is also simplified by separating the rules for
authorizing outbound email from your users, from the logic that
fights spam from untrusted remote users.
I find divide and conquer to be the best way to fight complexity,
to the point of often running a separate Postfix instance for
outbound email, not just a separate service on a separate port.
--
Viktor.
