On Thursday 15 December 2011 07:53:35 Tomas Macek wrote:
> I'd like to use postcreen as some kind of spam protection.
> According to documentation
>
> * postscreen(8) should not be used on SMTP ports that receive mail
> from end-user clients (MUAs). In a typical deployment,
> postscreen(8) is used on the "port 25" service, while MUA clients
> submit mail via the submission service (port 587) which normally
> requires client authentication.
>
>
> But we have clients, that send mails on both port 25 and 587. I
> really cannot use postscreen? I don't understand why exactly.
> What will happen if I use it?
You might reject some MUA clients, and if using after-220 tests, you
will be getting phone calls from confused users.
The old default of most MUAs to use port 25 was wrong, and it is now
coming back to haunt you. That said, you have workarounds:
- Use a different IP address for port 25 MX and submission mail
- Communicate with users, the need to change to 587; postscreen
implementation can be a fiendishly effective way to do that. :)
However you choose to do it, you must now separate your user
submission mailstream from your MX mailstream.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
