>>>> I now have Thunderbird connecting remotely to 587 and Squirrelmail >>>> connecting locally to 587 without encryption or authentication. Do >>>> you see any problems with my config? Please consider everything else >>>> default. >>>> >>>> master.cf: >>>> >>>> submission inet n - n - - smtpd >>>> -o smtpd_sasl_auth_enable=yes >>>> -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject >>> >>> Seems alright, but if you are just learning (heck, even if not), IMO >>> it's better to keep things separate. It's (my suggestion, that is) >>> much easier to maintain and allows much greater flexibility in the >>> policies you can enforce against webmail vs. external clients. >> >> You're saying I should have Squirrelmail and Thunderbird submit on >> different ports? I was under the impression that all submission >> should take place on 587. > > You can do whatever you want with your own server. It makes sense to > me to do what is easiest to maintain and happens to be more powerful > and flexible. Simplicity is a bonus when you are just figuring things > out. > >>>> main.cf: >>>> >>>> smtpd_recipient_restrictions = >>>> reject_unauth_destination, >>>> permit >>> >>> You've got a lot to add to this one. Please refer to the postfix >>> community for help with that. >> >> I think it's OK since it would only apply to port 25. >> smtpd_recipient_restrictions is defined explicitly for port 587 in >> master.cf. Please correct me if I'm wrong. > > You're wrong if you're accepting mail from the outside world on port > 25. You'll get all kinds of junk without better configuration here. > Also make sure to test your server against being an open relay. I do accept mail from the outside world on port 25 but I'm using postscreen to keep out the junk. I should have mentioned that before. postscreen_greet_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce I think this along with a properly defined mydestination should prevent me from being an open relay: smtpd_recipient_restrictions = reject_unauth_destination, permit - Grant ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
