> On 3/07/2020, at 13:13, Jeremy Banks <jeremy.ba...@doculynx.com> wrote:
>
> I am not confident all of our legacy apps can be configured for non-standard
> ports; I would be in no way surprised if one or more of them have the classic
> smtp ports hardcoded. Though, I will discuss that option with my co-workers.
>
> Is my understanding of the smtp(d)_tls_FOO options in my original message
> correct? If so, what would it take to add a smtpd_tls_policy_maps option to
> allow per-client TLS settings?

You could work around this by using destination NAT - i.e. if a packet comes in on port 25 from a legacy app, then DNAT to port 26 or something.

On Linux, this is roughly:

    iptables -t nat -A PREROUTING -s <legacyapp> -m tcp -p tcp --dport 25 -j DNAT --to-destination <yourip>:26

Of course better to have that one client not chase the green ticks as Viktor says, but, I appreciate that businesses sometimes have management people who don’t care to listen to engineers, and/or sense.

The above is perhaps a get out of jail free card, but, try to get them to “do the right thing” first.

--
Nathan Ward