Thanks for sharing this i think i have to read more about it. once again Thanks alot for your support.
MYK On Sun, Apr 5, 2015 at 2:10 AM, Mathias Jeschke <postfix-us...@0xaffe.de> wrote: > Hi Yousuf, > > On 2015-04-04 at 22:58 Muhammad Yousuf Khan wrote: > > BTW does it unsure my server if i comment out this like "-o >> smtpd_tls_security_level=encrypt' >> > > It depends on your policy/topology/... > > Based on your setting in main.cf there is at least STARTTLS offered on > port 25 (smtpd_tls_security_level=may). > > However, for clients that I can control - like in your case - I would > always use port 587 for submission these days. > > Technically, it is the same to port 25 but you can enforce more strict > rules for this port, like it's given in the default master.cf template: > > submission inet n - - - - smtpd > -o syslog_name=postfix/submission > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > This allows only TLS-secured and authenticated delivery on port 587, > everything else (i.e. spammers) gets blocked. > > If there are no other servers that deliver mails via SMTP based on your MX > record in the DNS you could also turn off port 25 entirely. > > Cheers, > Mathias. >
