290930 Re: Sufficiently locked down?
Jan 24, 2013
On 1/24/2013 8:42 AM, Jeroen Geilman wrote:
> On 01/24/2013 07:08 AM, Stan Hoeppner wrote:
>> On 1/23/2013 2:23 PM, Grant wrote:
>>>>> I thought my postfix setup was configured to send mail on port 587 and
>>>>> receive mail on port 25, so I was surprised to find that I could send
>>>>> mail from the local machine on port 25. Is my config OK?
>>>> Postfix never sends mail *from* TCP 25 or TCP 587. These are receive
>>>> ports. Outbound connections occur on high ports. You're not properly
>>>> describing your use case, actually not at all. Would you please?
>>> You're right, I didn't word that correctly. I thought mail received
>>> on port 25 could only be delivered locally with my config, but I was
>>> able to send mail to any destination via port 25. The mail client and
>>> mail server are on the same machine.
>> You haven't identified a problem Grant. You've identified standard
>> Postfix behavior and told us it is confusing to you. We have no idea
>> why that is confusing to you because you haven't told us exactly how you
>> are trying to use Postfix. One thing I can tell you up front is that
>> using authentication between your MUA and Postfix on 587 is useless,
>> completely unnecessary, because the packets are transferred via machine
>> memory, never going over the wire. The submission service exists
>> strictly for accepting authenticated connections over a network. Your
>> connections exist entirely within one machine.
> If he is actually using SMTP submission on the local server, that is
> obviously untrue.

So you're saying all interprocess communication should require
authentication and encryption? Hmm.. how many of the applications you
run do this Jeroen?

> The workings of SMTP submission are not dependent on where this happens
> I would recommend submission regardless of goal or purpose, even on

That's because you seem to be looking at this backwards.
smtp over TLS with auth has a single goal: security. What additional
security is provided by using TLS and auth for interprocess
communication on a single user PC? I.e. what is the attack vector here,
and how does 'submission' prevent such an attack? Answer: there is no
attack vector, thus it doesn't help.