On Thu, Jun 18, 2015 at 11:24:24AM -0400, Bill Cole wrote:
> On 16 Jun 2015, at 12:04, Noel Jones wrote:
>
> >If all users must authenticate, it's common to set main.cf
> >mynetworks = 127.0.0.1, [::1]
> >so that local processes can submit mail. It's up to you to determine
> >if local processes require submission on your server. If not
> >required in you environment, set mynetworks empty.
> >mynetworks =
>
>
> Worth clarifying:
>
> Not including the loopback in mynetworks DOES NOT prevent local submission,
> it prevents unauthenticated submission via an smtpd process (i.e. port 25 or
> 587) over the loopback interface. Submission by local processes using the
> sendmail compatibility interface (i.e. direct execution of the sendmail
> binary or of tools that use it like /usr/bin/mail[x], etc.) do not use SMTP
> and so do not inject mail via the loopback TCP/IP interface and are not
> blocked by removing the loopback from mynetworks.
If we're going in this much detail, might as well mention:
http://www.postfix.org/postconf.5.html#authorized_submit_users
--
Viktor.
