290940 Re: Sufficiently locked down?
- Jan 25, 2013
On 1/25/2013 10:18 AM, btb@... wrote:
> On Jan 24, 2013, at 22.57, Stan Hoeppner wrote:
>> The primary features of the submission service are TLS encryption and
> the primary feature of the submission service is to provide different ports for servers and clients,
You might want to read this before repeating your statement above:
Note that the port is TCP 587, that TLS is enabled, and auth is enabled.
The submission service isn't simply for separating traffic on different
ports. It's for secure submission of user mail with auth, over the
wire. It is not intended for submission via IPC.
> ...the submission protocol defines a port for clients to use, period.
Again, not true. See above.
>> Even the user logging of submission is useless, as it's a single user box.
> hmm, not sure where you got this idea. there have been no such statements from the op.
Long experience. The only reason to use the submission service in an
IPC scenario is on a multiuser webmail server with local Postfix. The
submission service logs the authenticated user name. So even though the
encryption and authentication are useless for security reasons in an IPC
submission scenario, having the username logged is advantageous. For
instance if a user spams, is being abusive, sends threats, etc, the
admin can track down who sent the emails.
This is the only scenario where using the submission service for IPC
submission makes any sense. So again, for a single user box running
both the MUA and Postfix, one is better off using the standard smtpd
server on TCP 25, or creating a non TLS/auth submission service on an
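
The user attribution this message describes (the submission service logging the authenticated user name), as an added example that is not part of the original post: Python that joins Postfix log lines on the queue ID so each message maps to the SASL login that submitted it. The log lines are constructed samples in Postfix's usual syslog layout, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample log in Postfix's usual syslog layout; hosts, queue IDs
# and addresses are made up for this example.
SAMPLE_LOG = """\
Jan 25 10:01:02 mail postfix/smtpd[2101]: 3F2A81C0D1: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=alice
Jan 25 10:01:02 mail postfix/qmgr[1400]: 3F2A81C0D1: from=<alice@example.org>, size=912, nrcpt=1 (queue active)
Jan 25 10:01:03 mail postfix/smtp[2105]: 3F2A81C0D1: to=<bob@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
Jan 25 10:02:10 mail postfix/smtpd[2110]: 7B9C44D2E0: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=mallory
Jan 25 10:02:10 mail postfix/qmgr[1400]: 7B9C44D2E0: from=<ceo@example.org>, size=700, nrcpt=2 (queue active)
Jan 25 10:02:11 mail postfix/smtp[2111]: 7B9C44D2E0: to=<v1@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=1.1, dsn=2.0.0, status=sent (250 ok)
Jan 25 10:02:11 mail postfix/smtp[2111]: 7B9C44D2E0: to=<v2@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
Jan 25 10:03:00 mail postfix/smtpd[2120]: 9D0E11AAF3: client=localhost[127.0.0.1]
Jan 25 10:03:00 mail postfix/qmgr[1400]: 9D0E11AAF3: from=<cron@example.org>, size=300, nrcpt=1 (queue active)
"""

# Assumes short (uppercase hex) queue IDs; any "postfix/.../daemon[pid]" name matches.
LINE = re.compile(r" postfix(?:/[\w-]+)+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
SASL = re.compile(r"sasl_username=([^,\s]+)")
FROM = re.compile(r"from=<([^>]*)>")
TO = re.compile(r"to=<([^>]*)>")

def attribute_senders(log_text):
    """Join smtpd, qmgr and smtp lines on the queue ID."""
    msgs = defaultdict(lambda: {"user": None, "from": None, "to": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if u := SASL.search(rest):      # smtpd line: who authenticated
            msgs[qid]["user"] = u.group(1)
        if f := FROM.match(rest):       # qmgr line: envelope sender
            msgs[qid]["from"] = f.group(1)
        if t := TO.match(rest):         # delivery line: one per recipient
            msgs[qid]["to"].append(t.group(1))
    return dict(msgs)

def sent_by(msgs, user):
    """Queue IDs of messages submitted under one authenticated login."""
    return sorted(q for q, r in msgs.items() if r["user"] == user)

def unattributed(msgs):
    """Messages accepted without SASL auth: nothing ties them to a user."""
    return sorted(q for q, r in msgs.items() if r["user"] is None)

if __name__ == "__main__":
    print(attribute_senders(SAMPLE_LOG))
```

In the sample, the second message carries an envelope sender that differs from the logged login, and the third has no login at all, which is the gap an unauthenticated local submission leaves on a multiuser host.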