--On Thursday, January 17, 2013 10:17 PM -0600 Noel Jones
<njo...@megan.vbhcs.org> wrote:
On 1/17/2013 4:42 PM, Quanah Gibson-Mount wrote:
With testing, I have the following for 465/submission. Thanks again
for the pointers! I used reject_unauth_destination because with
just "reject", some of my mail tests failed.
That implies you were sending unauthenticated mail to a local domain
via smtps. As a general rule, that's something you want to prevent
since it bypasses all your carefully crafted antispam controls. I
have seen a few attempts to deliver spammy-looking unauthenticated
mail via smtps/465, haven't noticed it on submission/587 (but never
really looked for it).
So reject_unauth_destination is OK for testing, but for production I
would strongly suggest leaving it at reject.
If you need to send unauthenticated mail over smtps/submission on an
ongoing basis, you can define a very limited -o mynetworks=...
setting and add permit_mynetworks before the reject.
Hi Noel,
Thanks again. There was a problem with my simple test script (it wasn't
actually authenticating). I fixed that, and "reject" is definitely what I
want.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
