On 8/18/22 06:14, Jaroslaw Rafa wrote:
> On 18.08.2022 at 09:17:39 Sam R wrote:
>> As you suggest, I enabled TLS wrapper mode on both sender servers and the
>> internal server, set "smtp_tls_security_level = encrypt" on the sender
>> servers and it seems perfect now.
>> Thanks a lot Noel and thank you all too!
>
> I doubt if you should use port 465 at all.
>
> RFCs clearly say that port 465 is for mail submission, not for receiving
> mail addressed to local users, and that authentication is mandatory on port
> 465. From what you write, it seems that you send mail via port 465 without
> authentication, which is not the intended use of that port.
>
> IMHO, you should be sending mail between your servers using just regular
> port 25. The servers should have each other's IP addresses in $mynetworks, so
> the receiving server will trust the sending server.
I recommend using client certificate authentication on port 465 instead. IP addresses are not a strong form of authentication unless one is using a secure VPN such as WireGuard. Also, one should be encrypting traffic anyway as a matter of best practice.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
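A worked Postfix configuration for the two approaches discussed in this thread, added here as an illustration; it is not part of any message above and not taken from the Postfix documentation. It shows the $mynetworks trust that the quoted reply proposes next to the client-certificate trust that the last reply recommends, on a port 465 wrapper-mode listener like the one the original poster set up. Every host name, IP address, file path and the fingerprint line are placeholders chosen for the example. It goes one step beyond the thread by setting the sending side to "secure" rather than the "encrypt" the poster used, so that the sender also verifies the receiver's certificate; "encrypt" works with the same receiver-side settings but only authenticates in one direction.

```conf
# --- Weak: trust by source IP (what the quoted reply proposes) ---
# /etc/postfix/main.cf on the receiving (internal) server.
# Anything that can source packets from 192.0.2.10 may relay; nothing on
# the wire proves who is on the other end, and port 25 traffic is not
# required to be encrypted.
mynetworks = 127.0.0.0/8, [::1]/128, 192.0.2.10/32
smtpd_relay_restrictions = permit_mynetworks, reject

# --- Stronger: require a trusted client certificate on the 465 listener ---
# /etc/postfix/master.cf on the receiving (internal) server.
# smtpd_tls_req_ccert makes a verified client certificate mandatory;
# permit_tls_clientcerts additionally requires its fingerprint to be
# listed in relay_clientcerts, so only enrolled senders may relay.
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_ask_ccert=yes
  -o smtpd_tls_req_ccert=yes
  -o smtpd_tls_CAfile=/etc/postfix/internal-ca.pem
  -o smtpd_tls_fingerprint_digest=sha256
  -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
  -o smtpd_client_restrictions=permit_tls_clientcerts,reject
  -o smtpd_relay_restrictions=permit_tls_clientcerts,reject

# /etc/postfix/relay_clientcerts on the receiving server, compiled with
#   postmap hash:/etc/postfix/relay_clientcerts
# Key: the sender's certificate fingerprint, produced on the sender by
#   openssl x509 -noout -fingerprint -sha256 -in /etc/postfix/sender1.pem
# Value: free text. The key below is a placeholder, not a real fingerprint.
# AA:BB:CC:DD:EE:FF:...:00   sender1.example.com

# /etc/postfix/main.cf on each sending server (smtp_tls_wrappermode needs
# Postfix 3.0 or later). "secure" verifies the receiver's certificate against
# the internal CA and matches it to the relayhost name.
relayhost = [internal.example.com]:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/postfix/internal-ca.pem
smtp_tls_cert_file = /etc/postfix/sender1.pem
smtp_tls_key_file = /etc/postfix/sender1.key
```

Two checks worth running after deploying this: a sender whose certificate is not in relay_clientcerts must be rejected even though it presents a certificate signed by the internal CA, and a plaintext connection to port 465 must fail during the TLS handshake rather than reach the SMTP banner. The per-listener "-o" overrides keep these settings off the ordinary port 25 smtpd, so external mail for local users is unaffected.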