On 21 Mar 2019, at 06:50, Bill Cole <postfixlists-070...@billmail.scconsult.com> wrote: > Requiring authentication to relay on *ANY* port is essential. Even if you do > authentication by IP (e.g. permit_mynetworks) or other out-of-band > mechanisms, failing to require authentication to relay will eventually lead > to a system being abused as an open relay.
And will probably result in the mail server being blacklisted as an open relay before that even happens, since there are various machines out there that do nothing but test for open relays. The take-away is that one should consider authentication on submission an absolute requirement. -- Come on. Somewhere at the edge of the bell curve is the girl for me.
