Dnia 18.04.2023 o godz. 12:11:06 Tyler Montney via Postfix-users pisze: > > - mail for all local domains coming in on port 25 should be accepted (of > > course considering all usual restrictions - the recipient exists, the > > sending IP is not on a blacklist etc.) > > > > - mail for all non-local domains coming in on port 25 should be outright > > rejected with "Relay access denied" (or similar) message. > > > > There is no authenticated submission on port 25. > > I do not see anything in the RFC explicitly prohibiting authenticated > submission.
I agree that it is not prohibited, but because there are separate ports defined for authenticated submission, the current best practice (used by most mail server administrators, and also being actively recommended here on this list) is to not enable authentication on port 25 (btw. this also largely reduces the scale of password-guessing attacks). Port 25 is considered to be strictly for incoming mail (to "local" domains), and ports 465/587 are for outgoing mail (usually to "non-local" domains, although one may as well send to another local domain on the same server). -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
