On 1/23/2013 2:23 PM, Grant wrote:
>>> I thought my postfix setup was configured to send mail on port 587 and
>>> receive mail on port 25, so I was surprised to find that I could send
>>> mail from the local machine on port 25.  Is my config OK?
>>
>> Postfix never sends mail *from* TCP 25 or TCP 587.  These are receive
>> ports.  Outbound connections occur on high ports.  You're not properly
>> describing your use case, actually not at all.  Would you please?
> 
> You're right, I didn't word that correctly.  I thought mail received
> on port 25 could only be delivered locally with my config, but I was
> able to send mail to any destination via port 25.  The mail client and
> mail server are on the same machine.

You haven't identified a problem, Grant.  You've identified standard
Postfix behavior and told us it is confusing to you.  We have no idea
why that is confusing to you because you haven't told us exactly how you
are trying to use Postfix.  One thing I can tell you up front is that
using authentication between your MUA and Postfix on 587 is useless,
completely unnecessary, because the packets are transferred via machine
memory, never going over the wire.  The submission service exists
strictly for accepting authenticated connections over a network.  Your
connections exist entirely within one machine.

-- 
Stan


>> Provide full 'postconf -n' output, never main.cf snippets.  This was in
>> your list welcome message.  If you'd posted that, we'd already have an
>> answer for you.
> 
> My config works, but does it look OK from a security perspective?



> # postconf -n
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> ddd $daemon_directory/$process_name $process_id & sleep 5
> home_mailbox = .maildir/
> html_directory = no
> inet_protocols = ipv4
> mail_owner = postfix
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> message_size_limit = 40960000
> mydestination = example1.com example2.com
> myhostname = example1.com
> mynetworks_style = host
> newaliases_path = /usr/bin/newaliases
> postscreen_bare_newline_action = enforce
> postscreen_bare_newline_enable = yes
> postscreen_greet_action = enforce
> postscreen_non_smtp_command_action = enforce
> postscreen_non_smtp_command_enable = yes
> postscreen_pipelining_action = enforce
> postscreen_pipelining_enable = yes
> queue_directory = /var/spool/postfix
> readme_directory = no
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtp_tls_exclude_ciphers = aNULL
> smtpd_recipient_restrictions = reject_unauth_destination, permit
> smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/postfix/newcert.pem
> smtpd_tls_exclude_ciphers = aNULL
> smtpd_tls_key_file = /etc/ssl/postfix/newkey.pem
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/virtual
> postconf: warning: /etc/postfix/main.cf: unused parameter:
> smtpd_relay_restrictions=
> 
> - Grant
> 
