Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] postfix with TLS/SASL on debian woody


Michael Fox wrote:
On 5/6/05, David Fitch <davidf@xxxxxxxxxxxxxx> wrote:

do you mean "mynetworks"?
as I said, it receives mail on all interfaces so that's not it.


mynetworks relates to which hosts are allowed to use this smtp
server.. ie. relay control. It doesn't relate to what interfaces the
smtp will listen on.

Populate the mynetworks variable and see how you go. Mail servers that
allow open relay = bad. Google the reasons why.


This is why SMTP AUTH is excellent. When anybody wishes to use
a mail-server to send emails, that person is challenged with
username/password combination. Then, emails could be sent
only, once the user is authenticated.

SMTP AUTH is based on username/password combination and not
on IP address which was the prevalent authentication for SMTP
during the early days of the Internet.

I can say in my 'main.cf' under postfix,

inet_interfaces=all   # which will allow any IP address to
                      # connect to my smtp-server

smtpd_sasl_auth_enable=yes # but process all smtp connections
                           # thru SASL AUTH

smtpd_use_tls=yes        # and then allow only valid users
smtpd_tls_auth_only=yes  # to send out emails