Re: avoiding overload on port 587
> 2) why would you setup a submission service that doesn't require authIt's because they never had to. It is
> from MUAs?
historical problem. Now we have thousands of customers, that never had to
authenticate, so there is no power to force them to do it now.
These days I'm spending the time by splitting the server into port 25
(MTA connections) and 587 (MUA connections) - just see my previous
posts, and can do NOTHING with the
clients, that never autenticated. I can send them email, to please them,
and then force
the authentication on port 587, but I'm pretty sure, that thousands of
will not reflect the email and they will call here and complain about
functionality of the email service - this is common for end users
these days. And after that, I will lose my job... :-) And many of them are
also unable to reconfigure their Outlooks.
So the result at submission port must be something like this:
submission inet n - n - - smtpd
- On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
> On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:Or better yet: replace it with postscreen.
> > I would still also set up port 587 on the mail.example.com
> > IP as submission as well and try to encourage your users (at
> > least the ones you can) to use port 587 from now on.
> What I would do, on Linux with IPv4 only, is create the submission
> port and use an iptables redirect for the alternate IP address:
> # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
> mail.example.com -j REDIRECT --to-port submission
> This saves the overhead (system and administrative) of running
> another smtpd on [mail.example.com]:25; he can leave his "smtp ...
> smtpd" service alone in master.cf.
> I should also add as a reply to Stan in the other subthread: lookTo clarify, I meant that if those Outlook Expresses are not yet
> above at the first quoted paragraph: "Outlook Expresses setup with
> ... default configuration."
> Yikes, bad news, very bad. If not doing content filtering nor
> policy limitation of submission now, he will be soon. And possibly
> losing his job in any case. Tomas is not in a good place right now.
compromised by malware, they will be, soon.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: