On 4/3/2022 8:55 μ.μ., Bill Cole wrote:
...
Right now, vmail2.noa.gr has no MX record and the IPv4 address for it (which is
what would be used without any MX) is not accepting connections on port 25, so
I'm not 100% sure how that relates to this, i.e. it looks like you're already
dropping port 25 traffic inbound. So, I'm not sure that I understand the
question correctly...
...
It is also safe, and considered a best practice, to disable authentication on
port 25 because authenticated mail should be coming in on port 587 or 465.
...
Hi Bill,
Thank you for the analysis. I do appreciate your time.
I decided to drop world connections to port 25 today after Matus'
feedback (and my poor analysis of the situation), so most probably you
checked shortly after I did the change.
With regard to disabling AUTH on port 25 only - we need to let AUTH
available on submission port (587) - what exactly should I do? Would it
be enough to remove "permit_sasl_authenticated" from
"smtpd_client_restrictions" in main.cf?
Thanks again to you and to everyone who responded.
Nick
