Re: RBLs, submission port, and permit_sasl_authenticated
- --On Thursday, January 17, 2013 10:17 PM -0600 Noel Jones
> On 1/17/2013 4:42 PM, Quanah Gibson-Mount wrote:Hi Noel,
>> With testing, I have the following for 465/submission. Thanks again
>> for the pointers! I used reject_unauth_destination because with
>> just "reject", some of my mail tests failed.
> That implies you were sending unauthenticated mail to a local domain
> via smtps. As a general rule, that's something you want to prevent
> since it bypasses all your carefully crafted antispam controls. I
> have seen a few attempts to deliver spammy-looking unauthenticated
> mail via smtps/465, haven't noticed it on submission/587 (but never
> really looked for it).
> So reject_unauth_destination is OK for testing, but for production I
> would strongly suggest leaving it at reject.
> If you need to send unauthenticated mail over smtps/submission on an
> ongoing basis, you can define a very limited -o mynetworks=...
> setting and add permit_mynetworks before the reject.
Thanks again. There was a problem with my simple test script (it wasn't
actually authenticating). I fixed that, and "reject" is definitely what I
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration