Message 1 of 54, Dec 3, 2012
On Tue, 4 Dec 2012, Robert Schetterer wrote:
> On 04.12.2012 08:20, Tomas Macek wrote:
>> On Tue, 4 Dec 2012, Reindl Harald wrote:
>>> On 04.12.2012 07:58, Tomas Macek wrote:
>>>>> 2) why would you setup a submission service that doesn't require auth
>>>>> from MUAs?
>>>> It's because they never had to. It is a historical problem. Now we
>>>> have thousands of customers, that never had to
>>>> authenticate, so there is no power to force them to do it now.
>>> then you have lost any game
>> Still hope I didn't. My roadmap:
>> 1) split 25 and 587 with permit_mynetworks on 587 and thus allow the
>> people without auth to send their email to 587
>> 2) by means of prerouting rule of iptables redirect sending emails from
>> $mynetworks to 587
> don't do that, makes no sense
Everyone here tells me that MUAs should send their mails through 587. I
can't do that without iptables, because all the people here have Outlook
Expresses setup with port 25 for sending emails from default

Message 54 of 54, Dec 4, 2012
On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
> On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:
> > I would still also set up port 587 on the mail.example.com
> > IP as submission as well and try to encourage your users (at
> > least the ones you can) to use port 587 from now on.
> What I would do, on Linux with IPv4 only, is create the submission
> port and use an iptables redirect for the alternate IP address:
> # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
> mail.example.com -j REDIRECT --to-port submission
> This saves the overhead (system and administrative) of running
> another smtpd on [mail.example.com]:25; he can leave his "smtp ...
> smtpd" service alone in master.cf.
Or better yet: replace it with postscreen.
> I should also add as a reply to Stan in the other subthread: look
> above at the first quoted paragraph: "Outlook Expresses setup with
> ... default configuration."
> Yikes, bad news, very bad. If not doing content filtering nor
> policy limitation of submission now, he will be soon. And possibly
> losing his job in any case. Tomas is not in a good place right now.
To clarify, I meant that if those Outlook Expresses are not yet
compromised by malware, they will be, soon.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
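
An added example, not code from the thread or from Postfix: one way to see which clients still submit without authentication once their port 25 traffic is redirected to the submission service, and to flag a client whose volume would fit the malware concern raised above. It assumes the submission service logs under the tag postfix/submission (syslog_name set in master.cf); the log lines, host names and the threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format. The tag assumes
# "-o syslog_name=postfix/submission" on the submission service in master.cf.
SAMPLE_LOG = """\
Dec  4 08:21:03 mail postfix/submission/smtpd[2211]: 3F2A11C0: client=pc1.example.com[192.0.2.10]
Dec  4 08:21:09 mail postfix/submission/smtpd[2212]: 41B7C1C3: client=pc2.example.com[192.0.2.11], sasl_method=LOGIN, sasl_username=alice
Dec  4 08:22:40 mail postfix/submission/smtpd[2214]: 4C0D91C5: client=pc1.example.com[192.0.2.10]
Dec  4 08:22:41 mail postfix/submission/smtpd[2214]: 4C9E21C6: client=pc1.example.com[192.0.2.10]
Dec  4 08:23:02 mail postfix/smtpd[2220]: 52AA01C8: client=mx.example.net[198.51.100.7]
Dec  4 08:23:05 mail postfix/submission/smtpd[2212]: disconnect from pc2.example.com[192.0.2.11]
"""

# One "QUEUEID: client=host[ip]" line is logged per accepted message; the
# sasl_* fields are present only when the session authenticated.
ACCEPT = re.compile(
    r"postfix/submission/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>[^,\s]+))?"
)

def tally_submission(log_text):
    """Return (unauth, auth): accepted-message counts per client IP."""
    unauth, auth = Counter(), Counter()
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if not m:
            continue  # port 25 MX traffic, connects, disconnects, etc.
        (auth if m.group("user") else unauth)[m.group("ip")] += 1
    return unauth, auth

def flag_clients(unauth, threshold):
    """Unauthenticated clients with at least `threshold` messages, busiest first."""
    return [(ip, n) for ip, n in unauth.most_common() if n >= threshold]

if __name__ == "__main__":
    unauth, auth = tally_submission(SAMPLE_LOG)
    print("authenticated:", dict(auth))
    print("still unauthenticated:", dict(unauth))
    # threshold=2 is an arbitrary value chosen for the constructed sample
    for ip, n in flag_clients(unauth, threshold=2):
        print(f"review {ip}: {n} unauthenticated messages")
```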