On 04/12/12 20:54, Tomas Macek wrote: > Everyone here says me, that MUAs should send their mails through 587. I > can't do that without iptables, because all the people here have Outlook > Expresses setup with port 25 for sending emails from default configuration.
That's the general advice, yes, but the real issue is to keep your submission service separate from your mx service. You can allow submission on port 25 and still have it separate from MX if that submission service is on a different IP address to your MX. As an example, say that your users currently submit to the host mail.example.com, you can change the IP of mail.example.com to point to a new IP (on the same server) and set up postfix so that it runs a submission service on that IP on port 25. You can then point your MX record to a different hostname (mx1.example.com) and point that to a second IP address on the same server, postfix can then be configured so that port 25 requests to that IP are treated as mx requests and not submission. With this setup you get to separate your submission from your mx but still don't have to require your users to make any changes to their clients. I would still also set up port 587 on the mail.example.com IP as submission as well and try to encourage your users (at least the ones you can) to use port 587 from now on. Also, if they don't have authentication set up, then you can use mynetworks to authenticate them, but you may be better off using a check_client_access cidr table instead for better control of this. Peter
