Linux Addict wrote:
On Tue, Nov 11, 2008 at 4:53 PM, Charles Marcus <[EMAIL PROTECTED]> wrote:
On 11/11/2008 4:49 PM, Charles Marcus wrote:
Common administrative practices include submission on 587 for
trusted clients only and should not be permitted on the internet.
This port should be firewalled outside of your network.
Excuse me?!?!? That's ridiculous... in fact, just the OPPOSITE is
true.
Well... correction...
Port 587 is designed to provide smtp_auth services to trusted clients
VIA an UNtrusted network (like the internet)...
So, no WAY should it be firewalled - just limit it to sasl_auth based
sessions - and hopefully you enforce strong password policies too...
--
Best regards,
Charles
My reason for configuring domain keys is Yahoo not filtering my mails as
spam.
because you think once you sign your mail they will deliver it to Inbox?
I don't want to go back and change more than 1000 clients port from 25
to 587.
if they come from specific networks, you can use a NAT implementation to
redirect them to port 587. otherwise, see below.
So is there any way we can achieve domainkeys authentication on port 25?

smtpd_client_restrictions =
    check_client_access pcre:/etc/postfix/filter_outbound
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access pcre:/etc/postfix/filter_inbound

== filter_outbound
# pass to "outbound" filter
/./ FILTER scan:[127.0.0.1]:10586

== filter_inbound
# pass to "inbound" filter
/./ FILTER scan:[127.0.0.1]:10024

if you wonder what that does:
- if mail comes from mynetworks or is sasl authenticated, then it is
passed to port 10586
- otherwise, it is passed to port 10024
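
The routing described in the message above, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of how the restriction list is evaluated, where a FILTER action does not end evaluation, a later FILTER replaces an earlier one, and a matching permit_* stops the list. The MYNETWORKS value and the client addresses are constructed assumptions.

```python
import ipaddress
import re

# Assumed mynetworks value (constructed for this example, not from the thread).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

# The two pcre tables from the post: (pattern, action).
TABLES = {
    "filter_outbound": [(re.compile(r"."), "FILTER scan:[127.0.0.1]:10586")],
    "filter_inbound": [(re.compile(r"."), "FILTER scan:[127.0.0.1]:10024")],
}

# smtpd_client_restrictions in the order given in the post.
RESTRICTIONS = [
    ("check_client_access", "filter_outbound"),
    ("permit_mynetworks", None),
    ("permit_sasl_authenticated", None),
    ("check_client_access", "filter_inbound"),
]


def select_filter(client_ip, sasl_authenticated):
    """Return the content filter selected for a client, or None."""
    addr = ipaddress.ip_address(client_ip)
    chosen = None
    for name, table in RESTRICTIONS:
        if name == "check_client_access":
            for pattern, action in TABLES[table]:
                if pattern.search(client_ip):
                    verb, _, arg = action.partition(" ")
                    if verb == "FILTER":
                        # Evaluation continues; the last FILTER seen wins.
                        chosen = arg
                    break
        elif name == "permit_mynetworks" and any(addr in n for n in MYNETWORKS):
            break  # permit ends the list, so the outbound filter stays selected
        elif name == "permit_sasl_authenticated" and sasl_authenticated:
            break
    return chosen


if __name__ == "__main__":
    # Constructed clients: internal, authenticated external, anonymous external.
    for ip, auth in [("192.0.2.10", False), ("203.0.113.5", True), ("203.0.113.5", False)]:
        print(ip, "sasl" if auth else "anon", "->", select_filter(ip, auth))
```

Only clients in mynetworks or with SASL authentication keep the 10586 (signing) filter; every other client is overridden to 10024, so unauthenticated mail arriving on port 25 never reaches the outbound filter.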