> On 09 Dec 2019, at 00:17, Felix Rubio <fe...@kngnt.org> wrote:
>
> Allow unencrypted/unauthenticated users to submit mail from local
> (127.0.0.x) connections
There is no need for this, and it is dangerous. Just because a connection is
local doesn’t mean it is trustworthy.
> mynetworks = 127.0.0.0/24, 10.8.0.0/24, 172.17.0.0/16
You are allowing connections from not just the local machine, but also from two
private blocks of Its, meaning you are trusting every device on your LAN to
send unauthenticated mail.
Don’t do this.
I didn’t look any further because until you close this security hole, none of
the rest of your settings matter.
--
Dinosaurs are attacking! Throw a barrel!