On Thu, Jun 18, 2015 at 11:24:24AM -0400, Bill Cole wrote:

> On 16 Jun 2015, at 12:04, Noel Jones wrote:
>
> >If all users must authenticate, it's common to set main.cf
> >mynetworks = 127.0.0.1, [::1]
> >so that local processes can submit mail. It's up to you to determine
> >if local processes require submission on your server. If not
> >required in your environment, set mynetworks empty.
> >mynetworks =
> >
>
> Worth clarifying:
>
> Not including the loopback in mynetworks DOES NOT prevent local submission,
> it prevents unauthenticated submission via an smtpd process (i.e. port 25 or
> 587) over the loopback interface. Submission by local processes using the
> sendmail compatibility interface (i.e. direct execution of the sendmail
> binary or of tools that use it like /usr/bin/mail[x], etc.) do not use SMTP
> and so do not inject mail via the loopback TCP/IP interface and are not
> blocked by removing the loopback from mynetworks.

If we're going into this much detail, might as well mention:

    http://www.postfix.org/postconf.5.html#authorized_submit_users

-- 
Viktor.
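
The two local submission paths discussed in this thread, side by side in one main.cf fragment. This is an added example and not part of the original messages; the account name `mailsvc` is hypothetical, and the user list is an assumption to adapt per host.

```conf
# /etc/postfix/main.cf (constructed fragment for illustration)

# Path 1: SMTP over the loopback interface (smtpd on port 25 or 587).
# With mynetworks empty, a client connecting from 127.0.0.1 or [::1] is no
# longer trusted through permit_mynetworks, so it has to authenticate like
# any other client.
# The permissive alternative from the thread would be:
#   mynetworks = 127.0.0.1, [::1]
mynetworks =

# Path 2: the sendmail(1) command and the postdrop(1) helper.
# This path does not use SMTP, so mynetworks has no effect on it.
# authorized_submit_users defaults to static:anyone, meaning every local
# account may inject mail this way. Listing accounts restricts it.
# "mailsvc" is a hypothetical service account.
authorized_submit_users = root, mailsvc

# Exclusion form, shown in the postconf(5) documentation: deny one account
# and allow everyone else.
#   authorized_submit_users = !www, static:all

# After "postfix reload", confirm the effective values with:
#   postconf mynetworks authorized_submit_users
```

Restricting `authorized_submit_users` also applies to tools that call the sendmail binary under an unlisted account, such as cron jobs mailing their output, so review which accounts send mail that way before tightening the list.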