On 3/22/19 3:23 PM, Benny Pedersen wrote:
you only need sasl auth
You should do the SMTP Authentication across STARTTLS to protect credentials.
do not enable sasl auth on port 25, if it lists AUTH on port 25 ehlo, you will need to removeĀ it in postfix main.cfenable sasl auth only on port 465 and 587
What is wrong with having SMTP Authentication on the MTA port as an /option/?
Sure, /requiring/ SMTP Authentication on an inbound MX is a bad idea and a non-starter.
But I don't think there's any reason why it can't be there as an option. I just tested and confirmed that Gmail will deliver perfectly fine with the AUTH option presented after EHLO.
all else is insane
Why is having the SMTP Auth option insane on an MTA? -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
