... so stop your whole project and leave all as it was if you are not willing to make your job - who cares about default configuration? * prepare the changes *Message 1 of 54 , Dec 4 12:57 AMView SourceAm 04.12.2012 08:54, schrieb Tomas Macek:
> Everyone here says me, that MUAs should send their mails through 587.so stop your whole project and leave all as it was if you
> I can't do that without iptables, because all
> the people here have Outlook Expresses setup with port 25 for sending
> emails from default configuration
are not willing to make your job - who cares about default
* prepare the changes
* anncounce the changes
* give people a timewindow to apply the changes
* do the changes
yes this is work
but hey, this work happens only because before was done
a really poor job on allow any enduser client to send
mails without authentication and yes you can enable
smtp auth on port 25 too the same time as 587 where it
... Or better yet: replace it with postscreen. ... To clarify, I meant that if those Outlook Expresses are not yet compromised by malware, they will be, soon.Message 54 of 54 , Dec 4 5:58 AMView SourceOn Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
> On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:Or better yet: replace it with postscreen.
> > I would still also set up port 587 on the mail.example.com
> > IP as submission as well and try to encourage your users (at
> > least the ones you can) to use port 587 from now on.
> What I would do, on Linux with IPv4 only, is create the submission
> port and use an iptables redirect for the alternate IP address:
> # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
> mail.example.com -j REDIRECT --to-port submission
> This saves the overhead (system and administrative) of running
> another smtpd on [mail.example.com]:25; he can leave his "smtp ...
> smtpd" service alone in master.cf.
> I should also add as a reply to Stan in the other subthread: lookTo clarify, I meant that if those Outlook Expresses are not yet
> above at the first quoted paragraph: "Outlook Expresses setup with
> ... default configuration."
> Yikes, bad news, very bad. If not doing content filtering nor
> policy limitation of submission now, he will be soon. And possibly
> losing his job in any case. Tomas is not in a good place right now.
compromised by malware, they will be, soon.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: