On 02/23/2015 02:27 PM, Ian Eiloart wrote:
> If your goal is to separate authenticated from unauthenticated mail, the place to do it is not at the port, but at the IP address. Use a different server, and publish new MX records. Here, we don’t use a different physical server, we have two IP addresses on one physical interface, and separate Exim processes listening on the different IP addresses:
It's not exactly why I wrote to the list, but this would certainly make things a bit easier. Thanks, I'll definitely take that into consideration.
> The process configured to use mx.example.com would listen only on port 25
> The process configured to use msa.example.com (or more likely smtp.example.com to satisfy some autoconfiguration algorithms) would listen on ports 587, 25, and 465 (unfortunately, there are still clients that like to use this port for ssl-on-connect)
I disabled port 465 a while ago. However, I still have clients authenticating on port 25, which I learned is the default port for some applications when setting up STARTSSL (e.g. the Android AOSP mail client). This configuration would make things easier...
> Of course, our documentation and autoconfiguration servers all recommend port 587, but there’s no harm in (for example) local clients using port 25. I don’t use Postfix, so I don’t know whether you can configure it to listen only on one virtual interface. If not, you may need two physical hosts, or you might be able to do this on one host by virtualising your servers.
Postfix natively supports multi-instance setups.

Daniel
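
Added example, not part of the original message or of either poster's setup: a small Python lint that reads a Postfix master.cf and reports any listener that would accept authenticated mail through the MX address, which is the split by IP address discussed in the thread. The addresses 192.0.2.25 (standing in for mx.example.com) and 192.0.2.26 (standing in for smtp.example.com) and the sample file are constructed, and only per-service `-o` overrides are read, with the main.cf default for `smtpd_sasl_auth_enable` assumed to be "no".

```python
# Added example, not from the thread: lint a Postfix master.cf for the
# "split by IP address" layout. Addresses and sample file are constructed.
MX_IP = "192.0.2.25"    # assumed address of mx.example.com

SAMPLE_MASTER_CF = """\
# service              type private unpriv chroot wakeup maxproc command
192.0.2.25:smtp        inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=no
192.0.2.26:smtp        inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
192.0.2.26:submission  inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
smtps                  inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def parse_listeners(text):
    """Return [(address, port, {option: value})] for inet smtpd services."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:   # indented line continues the entry
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    listeners = []
    for entry in entries:
        f = entry.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        addr, _, port = f[0].rpartition(":")   # no address: every interface
        args = f[8:]
        opts = dict(a.split("=", 1) for prev, a in zip(args, args[1:])
                    if prev == "-o" and "=" in a)
        listeners.append((addr or "*", port, opts))
    return listeners

def lint(text, mx_ip=MX_IP):
    """Flag listeners that let authenticated mail in through the MX address."""
    findings = []
    for addr, port, opts in parse_listeners(text):
        if addr not in (mx_ip, "*"):
            continue
        # Only per-service -o overrides are read; main.cf default assumed "no".
        if opts.get("smtpd_sasl_auth_enable", "no") == "yes":
            findings.append(f"{addr}:{port} offers AUTH on the MX address")
        if port not in ("smtp", "25"):
            findings.append(f"{addr}:{port} should not listen on the MX address")
    return findings
```

In the constructed sample the `smtps` entry has no address, so it is the one flagged; binding it to 192.0.2.26 clears both findings.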