>>>>> 25 is used by your MTA to receive *incoming* messages from other >>>>> administrative domains (organizations). >>>> >>>> Port 25 is never used to submit outbound messages? If not, I'm >>>> confused as to why Squirrelmail describes its "SMTP Port" setting this >>>> way: >>>> >>>> This is the port to connect to for SMTP. Usually 25. >>> >>> It *was* used to submit outbound messages, but this has proven susceptible >>> to open-relay exploits, etc. >>> >>> You're really better off using 587 exclusively. >> >> Is it alright to send on port 25 from Squirrelmail when it's on the >> same machine as postfix? That way I can make 587 require TLS and >> authentication but not require that local Squirrelmail encrypt or >> authenticate. > > No, I'd do exactly what I said we do here: run 587 on the loopback interface > only, and not require authentication.
I think I can't do that because I also need to connect to 587 from Thunderbird in remote locations. >> Also, should I have some sort of config that prevents the port 25 >> open-relay exploit you mentioned? >> >> - Grant > > You already have it in the form of the $relay_domains list. OK, I just have the default: #relay_domains = $mydestination - Grant
