On 12/15/2011 8:19 AM, /dev/rob0 wrote:
> The old default of most MUAs to use port 25 was wrong, and it is now
> coming back to haunt you. That said, you have workarounds:
>
> - Use a different IP address for port 25 MX and submission mail
If *all* your MUAs submitting to TCP 25 are on a known internal subnet,
such as corporate network desktops, the fix is even easier as it
requires no MUA reconfiguration. The following assuming your Postfix
server is Linux.
Simply create a new submission service such as the one below. Create
iptables rules to redirect all traffic from the local subnet destined to
TCP 25 to the TCP port of the new submission service. The submission
service may look something like:
/etc/postfix/master.cf
...
10125 inet n - - - - smtpd
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o receive_override_options=no_unknown_recipient_checks,\
no_address_mappings,no_header_body_checks
Google will find you the iptables information you need to implement this
pretty quickly.
--
Stan
