Re: avoiding overload on port 587
- On 04.12.2012 08:54, Tomas Macek wrote:
> On Tue, 4 Dec 2012, Robert Schetterer wrote:
>> On 04.12.2012 08:20, Tomas Macek wrote:
>>> On Tue, 4 Dec 2012, Reindl Harald wrote:
>>>> On 04.12.2012 07:58, Tomas Macek wrote:
>>>>>> 2) why would you set up a submission service that doesn't require auth
>>>>>> from MUAs?
>>>>> It's because they never had to. It is a historical problem. Now we
>>>>> have thousands of customers, that never had to
>>>>> authenticate, so there is no power to force them to do it now.
>>>> then you have lost any game
>>> Still hope I didn't. My roadmap:
>>> 1) split 25 and 587 with permit_mynetworks on 587 and thus allow the
>>> people without auth to send their email to 587
>>> 2) by means of prerouting rule of iptables redirect sending emails from
>>> $mynetworks to 587
>> don't do that, makes no sense
> Everyone here tells me that MUAs should send their mails through 587. I
> can't do that without iptables, because all the people here have Outlook
> Expresses setup with port 25 for sending emails from default configuration.
Tomas, many here gave you good advice
Outlook Express is totally outdated, and not included in Windows versions
above XP, for which extended support ends on April 8, 2014,
so your users have to change to another mail client in any case.
As is said, you should have webmail in any case for users, so people
can always look at their mail.
Best regards, Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
- On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
> On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:
> > I would still also set up port 587 on the mail.example.com
> > IP as submission as well and try to encourage your users (at
> > least the ones you can) to use port 587 from now on.
> What I would do, on Linux with IPv4 only, is create the submission
> port and use an iptables redirect for the alternate IP address:
> # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
> mail.example.com -j REDIRECT --to-port submission
> This saves the overhead (system and administrative) of running
> another smtpd on [mail.example.com]:25; he can leave his "smtp ...
> smtpd" service alone in master.cf.
Or better yet: replace it with postscreen.
> I should also add as a reply to Stan in the other subthread: look
> above at the first quoted paragraph: "Outlook Expresses setup with
> ... default configuration."
> Yikes, bad news, very bad. If not doing content filtering nor
> policy limitation of submission now, he will be soon. And possibly
> losing his job in any case. Tomas is not in a good place right now.
To clarify, I meant that if those Outlook Expresses are not yet
compromised by malware, they will be, soon.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
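
The submission service discussed in this thread, as an added example that is not part of the original messages: a master.cf fragment contrasting the unauthenticated port 587 from the roadmap with an authenticated one. It assumes TLS certificates and a SASL backend are already configured in main.cf; the three variants and their labels are illustrative.

```conf
# /etc/postfix/master.cf (constructed example; enable ONE submission entry)

# (a) Roadmap step 1 as described in the thread: port 587 relays for any
#     client in $mynetworks without authentication. A malware-infected
#     customer PC inside $mynetworks can relay through it unchecked.
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_recipient_restrictions=permit_mynetworks,reject

# (b) Transitional: accept authenticated clients and, for now, $mynetworks.
#     Authenticated sessions are logged with sasl_username=..., so the
#     mail log shows which customers still submit without auth.
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=may
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject

# (c) Target state: STARTTLS and SASL authentication mandatory on 587.
#     On Postfix 2.10 and later, smtpd_relay_restrictions exists as well
#     and can be overridden here in the same way.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
```

With the iptables REDIRECT from the thread in place, clients still configured for port 25 on the redirected address land on whichever of these entries is active, so variant (c) will reject them until they enable authentication.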