I have ignored the original e-mail,
On 20 Mar 2019, at 11:01, Yassine Chaouche wrote:
> I don't seem to get the idea of submission, I know I must be wrong,
> b/c so many articles out there preach to use a different port for
> submission, but I hope to find some argument in your replies that
> will make me change my mind.
>
> If I understand correctly, submission is a means for mail server
> admins to enforce some policies on port 587 w/o interfering with
> mail relay which occurs on port 25. These policies are mainly :
> 1/ Force TLS on all incoming connexions
> 2/ Force users to authenticate
>
> While 1/ can't be enforced on port 25, 2/ can be enforced for relay,
> e.g. with :

neither of those can be forced on port 25.
Both of those can be forced on submission ports

> smtpd_sasl_auth_enable = yes

this does NOT force authentication, it only enables it.

> smtpd_relay_restrictions = permit_mynetworks,
>   permit_sasl_authenticated, reject_unauth_destination

neither does this. this only disables unauthenticated relaying, but allows
incoming mail/spam from unauthenticated clients.

> So the only thing that I need submission port for seems to be to
> force TLS connexions, right ?
> Anything else I am missing there ?

you should force authentication on submission ports via
"smtpd_client_restrictions= permit_sasl_authenticated, reject"
otherwise you could receive spam via submission ports (yes, spammers do
that) from end-users that were blocked from connecting to port 25 by their
ISP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Windows 2000: 640 MB ought to be enough for anybody
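
An added example, not part of the original message: a small audit that checks whether the `submission` entry in a Postfix master.cf actually forces TLS and authentication, as the reply above recommends, instead of only enabling SASL. The two master.cf excerpts are constructed samples, the function names are hypothetical, and the parser assumes the plain `-o name=value` override form and looks only at per-service overrides, not at main.cf.

```python
import re

# Constructed master.cf excerpts (sample input, not from the original message).
WEAK = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
"""
HARDENED = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""


def service_overrides(master_cf, service):
    """Return the -o name=value overrides of one master.cf service entry."""
    overrides, inside = {}, False
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # unindented line starts a new entry
            inside = line.split()[0] == service
        if inside:                        # entry line or its indented continuation
            overrides.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return overrides


def audit_submission(master_cf, service="submission"):
    """List the gaps that let unauthenticated or cleartext clients submit mail."""
    opts = service_overrides(master_cf, service)
    problems = []
    if opts.get("smtpd_tls_security_level") != "encrypt":
        problems.append("TLS is optional: smtpd_tls_security_level=encrypt not set")
    rules = opts.get("smtpd_client_restrictions", "").split(",")
    # Enabling SASL is not enough: the rule list must end in a blanket reject.
    if "permit_sasl_authenticated" not in rules or rules[-1] != "reject":
        problems.append("authentication not forced: smtpd_client_restrictions "
                        "must be permit_sasl_authenticated,reject")
    return problems


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_submission(text) or "ok")
```
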