On 1/25/2013 10:18 AM, b...@bitrate.net wrote:
> On Jan 24, 2013, at 22.57, Stan Hoeppner wrote:
>> The primary features of the submission service are TLS encryption and
>> authentication.
>
> the primary feature of the submission service is to provide different ports
> for servers and clients,

You might want to read this before repeating your statement above:

http://www.engardelinux.org/modules/index/list_archives.cgi?list=postfix-users&page=0425.html&month=2012-03

Note that the port is TCP 587, that TLS is enabled, and auth is enabled.
The submission service isn't simply for separating traffic on different
ports. It's for secure submission of user mail with auth, over the
wire. It is not intended for submission via IPC.

> ...the submission protocol defines a port for clients to use, period.

Again, not true. See above.

>> Even the user logging of submission is useless, as it's a single user box.
>
> hmm, not sure where you got this idea. there have been no such statements
> from the op.

Long experience. The only reason to use the submission service in an
IPC scenario is on a multiuser webmail server with local Postfix. The
submission service logs the authenticated user name. So even though the
encryption and authentication are useless for security reasons in an IPC
submission scenario, having the username logged is advantageous. For
instance, if a user spams, is being abusive, sends threats, etc., the admin
can track down who sent the emails. This is the only scenario where
using the submission service for IPC submission makes any sense.

So again, for a single user box running both the MUA and Postfix, one is
better off using the standard smtpd server on TCP 25, or creating a
non-TLS/auth submission service on an arbitrary port.

-- 
Stan
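
The user-tracking point made in the message above, as an added example that is not part of the original thread: a short Python script that joins Postfix `smtpd` lines (which carry `sasl_username=` for authenticated sessions) to `qmgr` lines by queue ID, so each message is attributed to the login that submitted it rather than to its envelope sender. The log lines are constructed, and the mismatch check assumes login names equal the local part of the user's address.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 25 10:02:11 mail postfix/smtpd[2345]: 3F2A1C0012: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=alice
Jan 25 10:02:11 mail postfix/qmgr[900]: 3F2A1C0012: from=<ceo@example.com>, size=812, nrcpt=3 (queue active)
Jan 25 10:03:40 mail postfix/smtpd[2350]: 7B9D4C0034: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=bob
Jan 25 10:03:40 mail postfix/qmgr[900]: 7B9D4C0034: from=<bob@example.com>, size=455, nrcpt=1 (queue active)
Jan 25 10:04:02 mail postfix/smtpd[2351]: A1C3EC0056: client=localhost[127.0.0.1]
Jan 25 10:04:02 mail postfix/qmgr[900]: A1C3EC0056: from=<cron@example.com>, size=300, nrcpt=1 (queue active)
Jan 25 10:05:19 mail postfix/smtpd[2345]: C44F0C0078: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=alice
Jan 25 10:05:19 mail postfix/qmgr[900]: C44F0C0078: from=<alice@example.com>, size=990, nrcpt=40 (queue active)
"""

# smtpd logs the queue ID and client (plus SASL login, if any); qmgr logs sender and recipient count.
SMTPD_RE = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)")
USER_RE = re.compile(r"sasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def attribute(log_text):
    """Return {queue_id: {client, user, sender, nrcpt}} for each accepted message."""
    msgs = {}
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            u = USER_RE.search(line)  # absent when the session did not authenticate
            msgs[m.group(1)] = {"client": m.group(2).rstrip(","),
                                "user": u.group(1) if u else None,
                                "sender": None, "nrcpt": 0}
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in msgs:
            msgs[m.group(1)].update(sender=m.group(2), nrcpt=int(m.group(3)))
    return msgs

def recipients_per_user(msgs):
    """Total recipients per authenticated login; volume spikes point at the account."""
    totals = defaultdict(int)
    for rec in msgs.values():
        totals[rec["user"] or "(unauthenticated)"] += rec["nrcpt"]
    return dict(totals)

def sender_mismatches(msgs):
    """Queue IDs whose envelope sender local part differs from the login (assumed equal)."""
    return sorted(q for q, r in msgs.items()
                  if r["user"] and r["sender"] and r["sender"].split("@")[0] != r["user"])

if __name__ == "__main__":
    found = attribute(SAMPLE_LOG)
    print(recipients_per_user(found), sender_mismatches(found))
```

Every session here comes from `localhost`, so the client field cannot distinguish users; only the logged SASL login does.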