Hi Folks,
I just want to verify I have a safe configuration. Everything is working well for me.
My sendmail.mc file:
--------------------------------
include(`/etc/mail/tls/starttls.m4')dnl
FEATURE(`no_default_msa')dnl
define(`confAUTH_OPTIONS', `y')dnl
TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl #watch port 587 for my submissions outgoing from TB
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl #watch port 25 for incoming email from internet
--------------------------------
I have STARTTLS and PLAIN password working on 587. I am confident that I am the only one who can send email on port 587.
However, for port 25 I am not so sure. I only want to receive emails for local delivery to my server (mydomain.com). I have sasl and dovecot set up to service the Thunderbird client. The MX record for my domain naturally sends traffic to port 25. I do not want to relay or send anyone's SPAM from port 25, but I need to read my own incoming email from port 25. Any advice on how to harden this, or am I safe already?
Thank you so much for the help,
--jake
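
An added example, not part of the original post: a small Python audit of the directives posted above. It flags three settings relevant to the port 25 question: FEATURE(`promiscuous_relay'), PLAIN or LOGIN allowed without the `p` flag in confAUTH_OPTIONS, and a daemon that offers AUTH without requiring it (M=a) or disabling it (M=A). The function names and finding labels are assumptions made for this example.

```python
import re

# Directives copied from the post (trailing comments dropped) so this runs offline.
POSTED_MC = """\
FEATURE(`no_default_msa')dnl
define(`confAUTH_OPTIONS', `y')dnl
TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `PLAIN DIGEST-MD5 CRAM-MD5')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
"""

def parse_mc(text):
    """Return (defines, features, daemons) found in sendmail.mc text."""
    defines = dict(re.findall(r"define\(`(\w+)',\s*`([^']*)'\)", text))
    features = set(re.findall(r"FEATURE\(`(\w+)'", text))
    daemons = []
    for opts in re.findall(r"DAEMON_OPTIONS\(`([^']*)'\)", text):
        # "Port=587, Name=MSA, M=Ea" -> {"Port": "587", "Name": "MSA", "M": "Ea"}
        daemons.append(dict(p.strip().split("=", 1) for p in opts.split(",")))
    return defines, features, daemons

def audit(text):
    """Return a list of (label, message) findings; an empty list means none."""
    defines, features, daemons = parse_mc(text)
    findings = []
    if "promiscuous_relay" in features:
        findings.append(("open-relay", "promiscuous_relay relays mail for any client"))
    mechs = set(defines.get("confAUTH_MECHANISMS", "").split())
    auth_opts = defines.get("confAUTH_OPTIONS", "")
    # 'p' refuses PLAIN/LOGIN unless a security layer such as STARTTLS is active.
    if mechs & {"PLAIN", "LOGIN"} and "p" not in auth_opts:
        findings.append(("plaintext-auth", "PLAIN/LOGIN allowed without TLS; add 'p'"))
    for d in daemons:
        mods = d.get("M", "")
        # 'a' requires AUTH on this daemon, 'A' stops it being offered at all.
        if "a" not in mods and "A" not in mods:
            name = d.get("Name", d.get("Port", "?"))
            findings.append(("auth-optional", f"{name}: AUTH offered but not required"))
    return findings

if __name__ == "__main__":
    for label, message in audit(POSTED_MC):
        print(f"{label}: {message}")
```

Sendmail refuses to relay for unauthenticated clients unless relaying is opened through the access map, relay-domains, or a feature such as promiscuous_relay, so the `auth-optional` finding concerns password guessing against port 25 and relaying by anyone who authenticates there.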