On Tue, 24 Nov 2009 16:06:44 -0500 Sahil Tandon <sa...@tandon.net> replied:
>On Nov 24, 2009, at 3:48 PM, Michael Saldivar ><mike.saldi...@advocatecreditrepair.com > > wrote: > >> On Tue, Nov 24, 2009 at 1:25 PM, Sahil Tandon <sa...@tandon.net> >> wrote: >> On Nov 24, 2009, at 3:07 PM, LuKreme <krem...@kreme.com> wrote: >> >> >> On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote: >> >> That is easy. >> Have your users connect to the submission port >> >> Yes Wietse, I've considered this simple and clean option, but >> we're a hosting company and the costumers are to lazy to understand >> and accept an approach like this. >> >> Force them by making 587 the ONLY way to send mail. Tell them it's >> for security reasons and make sure you enforce it. >> >> That's all fine and well for small sites, but hardly a solution for >> larger environments where such draconian measures are impractical. >> A more reasonable solution is for the OP to push users toward >> submission via 587, and in the (very long) meantime, find other >> ways to bifurcate SASL vs. non-SASL traffic on port 25. >> >> Small sites like Google, where they force their customers to use >> specific ports for e-mail submission? > >Small sites like Google? Sarcasm is adorable but rarely helps make >your point. > >> http://mail.google.com/support/bin/answer.py?answer=77689 >> >> What's good for the Google is good for the Gander, eh? > >If only it were so. Think company that decides caters to thousands >(insert a larger number of your liking here to avoid another >sarcastic response that misses the point) of users on port 25 and >can't one day just STOP accepting all mail on that port, no matter how >useful and nicely worded the REJECT is that directs them to 587. Excuse me, but does the name 'Comcast' ring a familiar note. They only rescinded that decision when their support lines were over taxed by calls. Personally, IMHO, they should have weathered it out. Their customers would have smartened up eventually. In the long run, forcing users to employ SMTP authentication, etc. does decrease the amount of SPAM. >The OP has already stated he understands the merits of using the >submission port but needs another solution given his REAL WORLD >constraints. The real problem is that he is enabling a user base to control his actions. He has to determine who is in charge. If he is, then he makes the final decisions. If not, then 'quite bitchin'. >Let me be clear: I'm totally on board with using a separate >submission port for trusted users, but that is not always immediately >feasible and the OP asked for alternatives on a technical mailing >list. Hopefully he can convince users to eventually migrate, but the >point is that he needs an interim solution to avoid filtering >authenticated clients on port 25. > > -- Jerry postfix.u...@yahoo.com TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Klingon phaser attack from front!!!!! 100% Damage to life support!!!!
