On 1/24/2013 8:42 AM, Jeroen Geilman wrote:
> On 01/24/2013 07:08 AM, Stan Hoeppner wrote:
>> On 1/23/2013 2:23 PM, Grant wrote:
>>>>> I thought my postfix setup was configured to send mail on port 587 and
>>>>> receive mail on port 25, so I was surprised to find that I could send
>>>>> mail from the local machine on port 25. Is my config OK?
>>>> Postfix never sends mail *from* TCP 25 or TCP 587. These are receive
>>>> ports. Outbound connections occur on high ports. You're not properly
>>>> describing your use case, actually not at all. Would you please?
>>> You're right, I didn't word that correctly. I thought mail received
>>> on port 25 could only be delivered locally with my config, but I was
>>> able to send mail to any destination via port 25. The mail client and
>>> mail server are on the same machine.
>> You haven't identified a problem Grant. You've identified standard
>> Postfix behavior and told us it is confusing to you. We have no idea
>> why that is confusing to you because you haven't told us exactly how you
>> are trying to use Postfix. One thing I can tell you up front is that
>> using authentication between your MUA and Postfix on 587 is useless,
>> completely unnecessary, because the packets are transferred via machine
>> memory, never going over the wire. The submission service exists
>> strictly for accepting authenticated connections over a network. Your
>> connections exist entirely within one machine.
>>
>
> If he is actually using SMTP submission on the local server, that is
> obviously untrue.

So you're saying all interprocess communication should require
authentication and encryption? Hmm.. how many of the applications you
run do this Jeroen?

> The workings of SMTP submission are not dependent on where this happens
> from.
>
> I would recommend submission regardless of goal or purpose, even on
> localhost.

That's because you seem to be looking at this backwards. smtp over TLS
with auth has a single goal: security. What additional security is
provided by using TLS and auth for interprocess communication on a
single user PC? I.e. what is the attack vector here, and how does
'submission' prevent such an attack? Answer: there is no attack vector,
thus it doesn't help.

--
Stan