Am 12.04.2013 00:04, schrieb LuKreme: > On Apr 8, 2013, at 13:26, Jeroen Geilman <jer...@adaptr.nl> wrote: > >> The clue is that there should be no permit_ rules before /or/ after >> permit_sasl_authenticated, and the last rule should be an explicit "reject". > > Quick question on this, not ever a permit mynetworks? > > (I mean, I can't think of a reason mynetworks would need to use submission, > but is there any reason not to allow it?)
mynetworks may be OK in most cases but * without authentication use port 25 and mynetworks * if a client is using submission it is good practice to have a user in the logs mynetworks should be genrally used with care and only for specific address instead whole networks with sooner or later potentially infected clients which can be banned if using auth even if the malware leaks auth data and abuse it from outside
signature.asc
Description: OpenPGP digital signature