On 12/08/2011 05:18 PM, Grant wrote:
> I've boiled my config down to this. It is functional and I think it
> is secure and that it rejects any attempt to send messages from
> outside mynetworks unless authenticated. Am I correct? Please
> consider all other directives to be default.

You're fine.
If you want to be better than fine, you can implement Noel's suggestion:
it forces STARTTLS and auth only when the client is not localhost. Since
SquirrelMail is localhost, it can send without STARTTLS/auth.
The result is that all of your outgoing mail can arrive on 587, which is
nice when you have a lot of different restrictions for incoming/outgoing
mail.
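
One way the behaviour described in this reply can be written as a `master.cf` submission entry. This is an added example, not configuration posted in the thread and not necessarily the exact form of Noel's suggestion. It assumes `mynetworks` contains only the loopback addresses (where SquirrelMail runs) and that the smtpd binary path and chroot column match your distribution's defaults.

```conf
# /etc/postfix/master.cf (added example, constructed for illustration)
#
# Port 587 for all outgoing mail:
#   - clients in mynetworks (assumed: 127.0.0.0/8 and [::1]/128 only) are
#     accepted without STARTTLS or AUTH, so a local webmail can submit
#   - every other client must have completed STARTTLS
#     (reject_plaintext_session) and then authenticated
#     (permit_sasl_authenticated), otherwise it is rejected
#   - smtpd_tls_security_level=may keeps TLS optional at the protocol
#     level so the localhost exemption can work; the restriction list
#     is what enforces encryption for remote clients
#   - smtpd_tls_auth_only=yes stops AUTH from being offered before TLS,
#     so credentials never cross the wire in clear text
#
# service type  private unpriv  chroot  wakeup  maxproc command + args
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject
```

Run `postconf mynetworks` before relying on the exemption: any address range listed there bypasses both STARTTLS and authentication on this port.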