On 09 Dec 2019, at 13:54, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > On Dec 9, 2019, at 3:38 PM, LuKreme <krem...@kreme.com> wrote: >> The configuration as posted, and specifically the line I quoted directly >> above my comment, allowed unauthenticated traffic from anything on the LAN. >> This means random printers, IOT devices, android phones, etc were allowed to >> send mail unchecked. I consider that a security hole. > > That's your take on your network, but many other networks use mynetworks > to meet their requirements. Universal authenticated access is not always > feasible, and more restrained language is appropriate when describing the > tradeoffs.
“Restrained language”? Are you joking? Allowing unauthenticated mail sending *is* a security hole. It may be a security hole you are willing to live with, but it absolutely is a security hole. Especially when you have opened yourself up to any random device on your LAN-side IPs. Looking at his config he is probably on a home connection since he is relaying outbpund mail through his ISP, even more reason to dissuade someone from this kind of configuration. If you posted a config with a my networks like that I wouldn’t blink an aye. -- Help me, Obi-wan Kenobi. You're my only hope.
