Stan Hoeppner: > >> [iptables] > >> > >> Or simply list the clients in mynetworks. > > > > No, this redirects client from the MTA port (with postscreen) > > to the MUA port (with submission service). > > > > Wietse > > You've confused me now Wietse. Is the iptables redirect to a submission > port 'better' in this case, or simply plugging the subnet into mynetworks? > > Does using mynetworks on standard TCP 25 cause clients to bypass > postscreen or no?
Only if postscreen permanently whitelists all clients in mynetworks. Things become complicated when smtpd(8) needs to exclude end-user networks from mynetworks, for example to force clients to authenticate before they can have mail relay permission. Wietse