On 21 Mar 2019, at 8:21, Matus UHLAR - fantomas wrote:
On 3/20/19 7:35 PM, Matus UHLAR - fantomas wrote:
On 20.03.19 16:26, Yassine Chaouche wrote:
Requiring authentication to relay on 25 will also get rid of spam.
it will also get rid of incoming mail from other mail servers...
On 21.03.19 09:18, Yassine Chaouche wrote:
Which we want anyway, unless we're final destination, no ?
requiring authentication on port 25 will reject all mail without
authentication, even if you are the final destination.
You seem to have missed the phrase "to relay" in the >>>>> line above.
Requiring authentication to relay on *ANY* port is essential. Even if
you do authentication by IP (e.g. permit_mynetworks) or other
out-of-band mechanisms, failing to require authentication to relay will
eventually lead to a system being abused as an open relay.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
