On 11/24/2009 3:06 PM, Sahil Tandon wrote:
If only it were so. Think company that decides caters to thousands (insert a larger number of your liking here to avoid another sarcastic response that misses the point) of users on port 25 and can't one day just STOP accepting all mail on that port, no matter how useful and nicely worded the REJECT is that directs them to 587. The OP has already stated he understands the merits of using the submission port but needs another solution given his REAL WORLD constraints. Let me be clear: I'm totally on board with using a separate submission port for trusted users, but that is not always immediately feasible and the OP asked for alternatives on a technical mailing list. Hopefully he can convince users to eventually migrate, but the point is that he needs an interim solution to avoid filtering authenticated clients on port 25.
OP can probably exploit the fact that end-user mail clients send to an A record, MTAs send to an MX.
Set smtp.example.com's A record to some IP that only accepts authenticated mail, and point the MX to a different IP.
... and then plan a 6 month migration to using port 587. -- Noel Jones
