On 1/17/2013 4:42 PM, Quanah Gibson-Mount wrote: > > With testing, I have the following for 465/submission. Thanks again > for the pointers! I used reject_unauth_destination because with > just "reject", some of my mail tests failed.
That implies you were sending unauthenticated mail to a local domain via smtps. As a general rule, that's something you want to prevent since it bypasses all your carefully crafted antispam controls. I have seen a few attempts to deliver spammy-looking unauthenticated mail via smtps/465, haven't noticed it on submission/587 (but never really looked for it). So reject_unauth_destination is OK for testing, but for production I would strongly suggest leaving it at reject. If you need to send unauthenticated mail over smtps/submission on an ongoing basis, you can define a very limited -o mynetworks=... setting and add permit_mynetworks before the reject. -- Noel Jones
