On Jan 24, 2013, at 01.08, Stan Hoeppner wrote:
> On 1/23/2013 2:23 PM, Grant wrote:
>>>> I thought my postfix setup was configured to send mail on port 587 and
>>>> receive mail on port 25, so I was surprised to find that I could send
>>>> mail from the local machine on port 25. Is my config OK?
>>>
>>> Postfix never sends mail *from* TCP 25 or TCP 587. These are receive
>>> ports. Outbound connections occur on high ports. You're not properly
>>> describing your use case, actually not at all. Would you please?
>>
>> You're right, I didn't word that correctly. I thought mail received
>> on port 25 could only be delivered locally with my config, but I was
>> able to send mail to any destination via port 25. The mail client and
>> mail server are on the same machine.
>
> You haven't identified a problem Grant.

it seems quite clear to me the behavior he is attempting to understand/correct.
commendably, he is at least making an attempt to properly use submission
[which, btw, is far from "useless" and has nothing to do with the route a
packet might take].

grant - please show master.cf with comments removed.

general comments regarding your current postconf -n output:

you likely have a number of redundant settings in main.cf. something like

    (postconf -d; postconf -n) | sort | uniq -d

can be helpful in identifying these unnecessary main.cf entries and
simplifying your config. also, a message_size_limit of 40mb is rather large.
i'd encourage you to reduce that.

lastly, i'd strongly encourage enforcing some additional basic
smtpd_recipient_restrictions - e.g.

    smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_unknown_sender_domain
        reject_non_fqdn_recipient
        reject_unauth_destination
        permit

note that "permit" is not strictly necessary, but isn't necessarily a bad idea
either, imo.

in addition, you probably ought to employ some basic antispam restrictions.
things like

    reject_unknown_client_hostname
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

as well as some basic rbl checks [not to mention postscreen] are worth
consideration.

do note that some of those restrictions may be more prone to collateral damage
[perhaps most notably helo related restrictions], so you might consider testing
these with warn_if_reject first.

lastly, don't miss the warning postconf printed regarding
smtpd_relay_restrictions

-ben
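
Added example, not part of ben's message or the thread: one way to review what restrictions placed behind warn_if_reject would have blocked before enforcing them. It tallies Postfix's "reject_warning" log entries by reason and client; the log lines are constructed samples and the names `tally_reject_warnings` and `SAMPLE_LOG` are hypothetical.

```python
import re
from collections import Counter

# Constructed smtpd log lines (not from the thread). A restriction prefixed
# with warn_if_reject logs "reject_warning" and the mail is still accepted.
SAMPLE_LOG = """\
Jan 24 10:15:02 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.7.1 <localhost>: Helo command rejected: Host not found; from=<a@example.org> to=<user@example.com> proto=ESMTP helo=<localhost>
Jan 24 10:16:40 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from mail.partner.example[198.51.100.7]: 504 5.5.2 <PARTNER-EXCH01>: Helo command rejected: need fully-qualified hostname; from=<b@partner.example> to=<user@example.com> proto=ESMTP helo=<PARTNER-EXCH01>
Jan 24 10:21:13 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from mail.partner.example[198.51.100.7]: 504 5.5.2 <PARTNER-EXCH01>: Helo command rejected: need fully-qualified hostname; from=<c@partner.example> to=<user@example.com> proto=ESMTP helo=<PARTNER-EXCH01>
Jan 24 10:30:55 mx postfix/smtpd[2115]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.44]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.44]; from=<d@example.net> to=<user@example.com> proto=ESMTP helo=<example.net>
Jan 24 10:31:20 mx postfix/smtpd[2115]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <e@example.org>: Relay access denied; from=<f@example.net> to=<e@example.org> proto=ESMTP helo=<example.net>
"""

# client, SMTP code, optional "<subject>: " prefix, "<what> rejected", reason.
# Anything after a comma in the reason (e.g. a repeated IP) is dropped so
# identical reasons group together.
WARNING = re.compile(
    r"reject_warning: \w+ from (?P<client>\S+): \d{3} \d\.\d+\.\d+ "
    r"(?:<[^>]*>: )?(?P<kind>[A-Za-z ]+ rejected): (?P<why>[^;,]+)[^;]*;"
)


def tally_reject_warnings(log_text):
    """Return (counts, clients) keyed by (kind, reason) for warn-only hits."""
    counts = Counter()
    clients = {}
    for line in log_text.splitlines():
        m = WARNING.search(line)
        if m is None:  # enforced "reject:" lines and other noise are skipped
            continue
        key = (m["kind"], m["why"].strip())
        counts[key] += 1
        clients.setdefault(key, set()).add(m["client"])
    return counts, clients


if __name__ == "__main__":
    counts, clients = tally_reject_warnings(SAMPLE_LOG)
    for (kind, why), n in counts.most_common():
        print(f"{n:3d}  {kind}: {why}")
        for client in sorted(clients[(kind, why)]):
            print(f"       {client}")
```

A named host with working reverse DNS that shows up repeatedly, like the constructed partner server here, is the kind of collateral damage to sort out before removing warn_if_reject.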