Stan Hoeppner:
> >> [iptables]
> >>
> >> Or simply list the clients in mynetworks.
> >
> > No, this redirects client from the MTA port (with postscreen)
> > to the MUA port (with submission service).
> >
> > Wietse
>
> You've confused me now Wietse. Is the iptables redirect to a submission
> port 'better' in this case, or simply plugging the subnet into mynetworks?
>
> Does using mynetworks on standard TCP 25 cause clients to bypass
> postscreen or no?
Only if postscreen permanently whitelists all clients in mynetworks.
Things become complicated when smtpd(8) needs to exclude end-user
networks from mynetworks, for example to force clients to authenticate
before they can have mail relay permission.
Wietse
