On Jan 24, 2013, at 01.08, Stan Hoeppner wrote:

> On 1/23/2013 2:23 PM, Grant wrote:
>>>> I thought my postfix setup was configured to send mail on port 587 and
>>>> receive mail on port 25, so I was surprised to find that I could send
>>>> mail from the local machine on port 25. Is my config OK?
>>>
>>> Postfix never sends mail *from* TCP 25 or TCP 587. These are receive
>>> ports. Outbound connections occur on high ports. You're not properly
>>> describing your use case, actually not at all. Would you please?
>>
>> You're right, I didn't word that correctly. I thought mail received
>> on port 25 could only be delivered locally with my config, but I was
>> able to send mail to any destination via port 25. The mail client and
>> mail server are on the same machine.
>
> You haven't identified a problem Grant.

it seems quite clear to me the behavior he is attempting to understand/correct. commendably, he is at least making an attempt to properly use submission [which, btw, is far from "useless" and has nothing to do with the route a packet might take].

grant - please show master.cf with comments removed.

general comments regarding your current postconf -n output:

you likely have a number of redundant settings in main.cf. something like

    (postconf -d; postconf -n) | sort | uniq -d

can be helpful in identifying these unnecessary main.cf entries and simplifying your config.

also, a message_size_limit of 40mb is rather large. i'd encourage you to reduce that.

lastly, i'd strongly encourage enforcing some additional basic smtpd_recipient_restrictions - e.g.

    smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_unknown_sender_domain
        reject_non_fqdn_recipient
        reject_unauth_destination
        permit

note that "permit" is not strictly necessary, but isn't necessarily a bad idea either, imo.

in addition, you probably ought to employ some basic antispam restrictions. things like

    reject_unknown_client_hostname
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

as well as some basic rbl checks [not to mention postscreen] are worth consideration. do note that some of those restrictions may be more prone to collateral damage [perhaps most notably helo related restrictions], so you might consider testing these with warn_if_reject first.

lastly, don't miss the warning postconf printed regarding smtpd_relay_restrictions

-ben
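
The following is an added example, not part of the message above: it works through the `(postconf -d; postconf -n) | sort | uniq -d` check on constructed sample output and also lists the complement, the main.cf entries that really change a default. The function names and sample values are assumptions made for illustration; on a real host the two sample functions would be replaced by `postconf -d` and `postconf -n`.

```shell
#!/bin/sh
# Constructed stand-in for `postconf -d` (built-in defaults).
sample_defaults() {
cat <<'EOF'
biff = yes
inet_protocols = all
message_size_limit = 10240000
smtpd_banner = $myhostname ESMTP $mail_name
EOF
}

# Constructed stand-in for `postconf -n` (settings present in main.cf).
sample_main_cf() {
cat <<'EOF'
biff = yes
message_size_limit = 41943040
myhostname = mail.example.com
smtpd_banner = $myhostname ESMTP $mail_name
EOF
}

# Lines present in both outputs: main.cf entries that only restate a default.
redundant_settings() {
    { sample_defaults; sample_main_cf; } | LC_ALL=C sort | uniq -d
}

# Parameter names only, convenient for deciding what to delete from main.cf.
redundant_names() {
    redundant_settings | sed 's/ *=.*//'
}

# The complement: main.cf entries whose value differs from the default.
# These are the settings that deserve review (e.g. a large message_size_limit).
real_overrides() {
    sample_main_cf | while IFS= read -r line; do
        sample_defaults | grep -qxF -- "$line" || printf '%s\n' "$line"
    done
}

echo "redundant in main.cf:"; redundant_names
echo "actual overrides:";     real_overrides
```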