On 10/31/2018 3:52 PM, Fazzina, Angelo wrote: > Hi, i am learning/testing Postscreen on Postfix 2.10.1 > > I read the man page and need a little help understanding this : > > > > This program should not be used on SMTP ports that receive mail from > end-user clients (MUAs). In a typical > > deployment, postscreen(8) handles the MX service on TCP > port 25, while MUA clients submit mail via the > > submission service on TCP port 587 which requires client > authentication. Alternatively, a site could set > > up a dedicated, non-postscreen, "port 25" server that > provides submission service and client authenticaâ[m > > tion, but no MX service. > > > > *What does "MX service" mean ?*
In this context, MX Service means "receive incoming mail from random unauthenticated internet sources". > > * * > > I am not sure how to leverage postscreen for authenticated smtp > traffic to my server over ports 587 and 465, or is that not > > what postscreen was meant to handle ? Postscreen *should not* be used on ports used for client authenticated SMTP. Typically, authenticated clients will use the "submission" port 587 or "smtps" port 465 to submit mail. > > > I guess what i am getting at is, if i only allow port 25 traffic > from within my network via this setting > > mynetworks = /etc/postfix/files/mynetwork > > /etc/postfix/files/mynetwork contains > > 137.99.0.0/16 > > then everything postscreen will ever see will be whitelisted. If i > got that right then, am i not a good use case for using it > > and should just keep it off ? Postscreen is intended for internet traffic on an internet-facing mail gateway. Does this server also accept incoming unauthenticated mail from the general internet? If no, then postscreen is not for you. -- Noel Jones
