On 3/21/19 1:21 PM, Matus UHLAR - fantomas wrote:
requiring authentication on port 25 will reject all mail without
authentication, even if you are the final destination.
Dear Matus,
Consider the example configuration I gave in my first post :
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
This 1/ successfully **accepts** inbound mail on port 25 for final
destination (delivery), **without** requiring authentication while it 2/
succesfully **rejects** outbound mail from unauthenticated users
(outside of my network, but that exception can easily be removed and be
applied to any outbound mail as Bill Cole seem to suggest).
> Bill Cole wrote :
> [...] in the modern world is that there's no good reason for
permit_mynetworks, or at least there's no reason to include submitters'
networks in mynetworks.
Point taken. If any machine on mynetwork gets compromised and finds my
mx server it will ultimately attempt to send spam, this is why I think
anti-spam filters should also be applied to outbound mail as well
inbound mail (no distinction b/w submission and relay).
Yassine.
