>> You can use SquirrelMail on 587. It doesn't work right now because >> of your smtpd_security_level=encrypt. You could change your >> submission restrictions to something like >> -o smtpd_security_level=may >> -o mynetworks=127.0.0.1 >> -o smtpd_tls_auth_only=yes >> -o >> smtpd_recipient_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject >> ... other stuff ... >> >> ie. allow localhost to submit mail plaintext with no auth; all >> others require STARTTLS and auth. > > I've rearranged my config to the following. I don't think > reject_plaintext_session is necessary given the rest of the config. > Is there a situation I'm overlooking where it would come into play? > Please consider everything else default. Is this OK? > > master.cf: > > submission inet n - n - - smtpd > -o smtpd_sasl_auth_enable=yes > -o > smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > > main.cf: > > smtpd_recipient_restrictions = > reject_unauth_destination, > permit > > smtpd_tls_security_level = may > smtpd_tls_auth_only = yes > > - Grant
I should add that I took Noel's advice and Thunderbird is connecting remotely to 587 and Squirrelmail is connecting locally to 587 without encryption or authentication. The above config pertains to that arrangement. - Grant
