>> It was also repeatedly suggested that I switch to exactly the >> arrangement that I've switched to. > > > No, that was only presented as an option (there is always more than one way > to skin a cat). > > Doing it the way you did it makes your primary submission port *less* > secure, *just* so you can let squirrelmail use it instead of leaving 465 > open *only* for squirrelmail.
I don't see why the submission port is made less secure if it requires authentication (outside of mynetworks) and authentication requires encryption. - Grant