On Jan 8, 2013, at 19:39, Noel Jones wrote:

> On 1/8/2013 10:47 AM, Titanus Eramius wrote:
>> I'm a little unsure about best practice here, hence the question.
>> 
>> Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've
>> integrated it into /etc/postfix/master.cf with the following
>> lines

[snip]

>> The question then is, is this a practical solution, or can it be done
>> smarter, for example with less work and without using iptables, or
>> maybe some other way entirely?
> 
> Using iptables to separate traffic is a reasonable solution.
> Probably a good idea to add a comment to master.cf documenting what
> you've done.
> 
> The more typical way to do this is for local mail to use the
> submission port 587.  Sometimes folks redirect port 25 on the local
> network to 587 as a migration aid.


This. Using the submission port is highly recommended, as it avoids all 
kinds of trouble, such as access providers blocking port 25.

It also allows you to tailor each service to its specific needs; 
postscreen on 25, required authentication plus TLS and rate limiting on 
587, and so on.

HTH,
Jona
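
The per-service split recommended above, as an added example that is not part of the original thread: a master.cf fragment with postscreen on port 25 and a submission service on 587 that requires TLS and SASL authentication and is rate limited. The chroot column and the two rate-limit values are assumptions to adjust for your system.

```conf
# /etc/postfix/master.cf (added example; rate values are illustrative)
#
# service    type  private unpriv  chroot  wakeup  maxproc command + args
#
# Port 25: mail from other servers (MX traffic), screened by postscreen
# before a real smtpd process is spent on the connection.
smtp         inet  n       -       n       -       1       postscreen
smtpd        pass  -       -       n       -       -       smtpd
dnsblog      unix  -       -       n       -       0       dnsblog
tlsproxy     unix  -       -       n       -       0       tlsproxy

# Port 587: submission from your own users only.
#   smtpd_tls_security_level=encrypt   refuse mail until STARTTLS is done
#   smtpd_sasl_auth_enable=yes         offer AUTH on this service
#   smtpd_tls_auth_only=yes            never accept AUTH over plaintext
#   smtpd_client_restrictions=...      unauthenticated clients are rejected
#   smtpd_client_*_rate_limit          per client, per anvil_rate_time_unit
submission   inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_message_rate_limit=30
  -o smtpd_client_connection_rate_limit=10
```

Clients listed in smtpd_client_event_limit_exceptions (by default $mynetworks) are exempt from the rate limits. Run `postfix check` before `postfix reload` to catch syntax errors in the edited file.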
