> The only issue I saw was you aren't using authentication on > port 587.
Do you mean on my local server or my remote server (or both)? My local server 587 is *sort of* authenticated by the client certificate (if it works how I think it does). I was coping the idea from: https://prefetch.eu/blog/2020/email-server-extras/#client-certificates-instead-of-passwords so that I can send emails from arbitrary addresses from my domain. Is just a client certificate without a password secure? My remote server 587 isn't authenticated (thank you for pointing it out!). I can see that a spammer could use it to bypass my filters. Am I right that my match rules would stop them from spamming anyone except me? What's the best way for me to have authentication on my remote server 587? Can my local server send a password, or a client certificate?
