On Tuesday 06 September 2011 05:39:03 Heiko Wundram wrote:
> On 06.09.2011 12:29, Patrick Ben Koetter wrote:
> > You can offer a different SASL policy on a different port on the
> > Postfix server side.
> >
> > Clone the "smtp ... smtpd" service line and configure it to
> > listen on a different port e.g. 2525. Then add "-o
> > smtpd_sasl_security_options=noanonymous" and let the java client
> > connect there. Use a firewall to control access to that port.
>
> I've thought of that too, but: not possible, as the software does
> not allow connecting anywhere else but port 25 for mail relay. ;-)
>
> If I don't find the time to try and patch Postfix to offer this
> functionality, I'll probably attach an additional IP to the relay
> system which is then firewalled to allow only connections from the
> "local" subnet, and attach an additional smtpd process to that
> specific IP on port 25, which should work.

Patching Postfix is not a good idea IMO. You'll lose the ability to
easily upgrade, for one thing.

Rather than bind a specific IP on port 25, which would require a
non-default setting of inet_interfaces, I would do as P@rick
suggested, and bind an alternate port, and do as Noel suggested, and
redirect port 25 from the client to this alternate port.

If it's Linux, see the REDIRECT and DNAT targets in the iptables(8)
man page. The conntrack match extension might also be useful.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
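
The setup suggested in this thread, written out as an added example (not part of the original messages): a small script that prints, for review, the cloned master.cf service entry and the iptables rules that redirect one client's port 25 traffic to the alternate port and keep that port closed to everyone else. The client address 192.0.2.10, the variable and function names, the master.cf column values, and the use of the conntrack `--ctorigdstport` match are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) the settings discussed in the thread.
CLIENT_IP="${CLIENT_IP:-192.0.2.10}"   # constructed address of the Java client
ALT_PORT="${ALT_PORT:-2525}"           # alternate smtpd port named in the thread

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                          # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# master.cf entry: a clone of the "smtp ... smtpd" line on the alternate
# port with the relaxed SASL policy. Copy the column values from your own
# existing smtp line; the ones below are assumed.
master_cf_entry() {
    valid_port "$1" || return 1
    printf '%s inet n - n - - smtpd\n' "$1"
    printf '  -o smtpd_sasl_security_options=noanonymous\n'
}

# iptables rules, run on the Postfix host.
redirect_rules() {
    valid_ipv4 "$1" && valid_port "$2" || return 1
    # nat: only this client's port 25 connections are rewritten.
    echo "iptables -t nat -A PREROUTING -p tcp -s $1 --dport 25 -j REDIRECT --to-ports $2"
    # filter: accept the alternate port only for connections from the
    # client that were originally addressed to port 25 ...
    echo "iptables -A INPUT -p tcp -s $1 --dport $2 -m conntrack --ctorigdstport 25 -j ACCEPT"
    # ... and drop every other attempt to reach it.
    echo "iptables -A INPUT -p tcp --dport $2 -j DROP"
}

master_cf_entry "$ALT_PORT"
redirect_rules "$CLIENT_IP" "$ALT_PORT"
```

Review the printed rules against the existing ruleset before applying them, since rule order in INPUT decides whether the ACCEPT and DROP lines take effect.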