Jake Vickers wrote, at 09/01/2008 10:08 AM:
I currently have all my users using the submission port for outgoing
mail. They cannot send on port 25 at this time, and according to all of
the online tests I have tried I am not an open relay or backscatter sprayer.
My master.cf currently shows:
smtp inet n - - - - smtpd
-o smtpd_use_tls=no
-o smtpd_sasl_auth_enable=no
-o content_filter=smtp-amavis:[127.0.0.1]:10024
If I change smtpd_sasl_auth_enable to yes, it allows some devices
(handhelds, Treo, etc.) to send on port 25 if authenticated, but I want
to make sure that this does not turn me into a relay or anything before
doing so. I have attempted to relay through it while it's enabled, and
they were denied. I decided to err on the side of caution and check
with the experts here before "just doing it" in case there were any
pitfalls or gotchas I do not know about.
In addition to what mouss said, be sure to allow only secure
authentication mechanisms, so that passwords aren't sent in the clear.
You indicate this is for road warriors, who may not always be on a
secure network. Ideally, you'll want to encrypt the entire
communication, if the target devices support it.
