Re: port 25 465 and 587 confusion.

2015-04-06 Thread Muhammad Yousuf Khan
Thanks Noel and Peter, I learned a lot from both of your posts. By Noel: For new installations, it is strongly recommended to require your customers to use port 587 (or 465) and to disable AUTH on port 25. Can you please refer any document on this or any link? Actually this is what I

Re: Certificate only authentication on 587

2015-04-06 Thread Nick Howitt
On 06/04/2015 03:54, Viktor Dukhovni wrote: On Sat, Apr 04, 2015 at 07:40:33PM +0100, Nick Howitt wrote: The client I am using is K-9 mail ... The line I am currently trying in master.cf is: submission inet n - n

Re: port 25 465 and 587 confusion.

2015-04-06 Thread Sebastian Nielsen
IMHO I find it better to only allow submission from trusted nets. Better to disable authentication completely, and completely disable mail submission (relaying) from the outside. Thus closing 587 completely. 465 can be good to allow old (or misconfigured) SMTPS servers to send incoming mail to

Re: port 25 465 and 587 confusion.

2015-04-06 Thread Peter
On 04/06/2015 08:05 PM, Muhammad Yousuf Khan wrote: By Peter - What you should be, at the very least, encouraging is STARTTLS over port 587. Whether you want to support some very old Outlook clients and offer TLS wrappermode over 465 is up to you but it is unlikely

Re: port 25 465 and 587 confusion.

2015-04-06 Thread Christian Kivalo
On 2015-04-06 14:27, Muhammad Yousuf Khan wrote: In light of your above suggestions, I enabled smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd

Re: port 25 465 and 587 confusion.

2015-04-06 Thread Muhammad Yousuf Khan
Great! I got it now. You guys rock. By this we will have 3 separate network classes: 1. unauth/local LAN 2. Auth but only to allowed IP (such as Verizon USA 108.44.155.0/24) 3. and the rest of them will be excluded from relaying or blocked. Yes, I am aware of geo IP list. Will try this too. Thanks

Re: port 25 465 and 587 confusion.

2015-04-06 Thread Muhammad Yousuf Khan
@Peter Right, you really should not be allowing submission on port 25 at all. And is this segregation a good thought of mine or practical? Yes, isn't 465 useless and can I close this, if yes then how? That depends on if you have users that have very old versions of Outlook which

Re: port 25 465 and 587 confusion.

2015-04-06 Thread Sebastian Nielsen
What I meant is that if your users are on a dynamic IP from an “outside” net, you can allow that net *in combination* with authentication. Thus, you will both need to be from the correct net, but also have a valid username and password. For example, let's say you have an internal company network

RE: check_sender_access stops incoming mail

2015-04-06 Thread Bithead
Wietse, # check_sender_accesshash:/etc/posfix/mywhitelist -- this killed the pathname does not exist (you mis-typed it). In addition, you Ok, that's embarrassing. Thanks for catching it, though. But even so, why would pointing to a non-existent file completely halt incoming mail?

Re: check_sender_access stops incoming mail

2015-04-06 Thread Wietse Venema
Bithead: Wietse, # check_sender_accesshash:/etc/posfix/mywhitelist -- this killed the pathname does not exist (you mis-typed it). In addition, you Ok, that's embarrassing. Thanks for catching it, though. But even so, why would pointing to a non-existent file completely halt