On 2021-10-21 03:31, Pete wrote:
Hey,
listen on vio1 filter "dkimsign_rsa"
match from any for any action "outbound"
doesn't that make your box an open relay? I gather this is an vm, but
still...
For this instance vio1 is on a private network with only my instances
and what I've gone with is a pf rule that only allows IP addresses that
would otherwise be authorized to use the relay.
I'm clearly no expert in these things either, but without creating
credentials for each service on the network to connect through
submission (which I may configure later), I'm not clear on the
difference between requiring auth for the other servers or just having
the relay there available to send through and restrict access with pf
rules.
Though I am happy to hear input on this. Finding answers to these types
of questions on the 'Net has not yielded much for me.
Thank you,
Paul
