Linux Addict wrote: > > While I read through this, I understand that to use domain keys, the > client has to send mails through submission port 587. Does that sound > right? Just to use domainkeys, all clients to has to send mails to > port 587 instead of port 25? Please clarify. Thank you The submission port is required for signing due to the nature of trust.
Common administrative practices include submission on 587 for trusted clients only and should not be permitted on the internet. This port should be firewalled outside of your network. It is difficult to sign on port 25 because the only way to do so is by a FILTER statement which would override any other FILTER or content_filter statements. Using other methods, such as amavisd-new 2.6+, may allow this on port 25 with built in policies. That topic is better suited to their list though. Brian
