From: Malcolm Weir [mailto:[EMAIL PROTECTED]
> From: Bowie Bailey
> > At the moment, my Courier server does not allow smtp connections
> > from the Internet. What I want to do is allow my users to send mail
> > through my server via authenticated smtp. But I don't want any
> > chance of other mail bypassing the filtering server.
> >
> > There's not going to be an MX record for the Courier server, but if
> > it accepts smtp connections from the Internet, then I have to assume
> > that the spammers will eventually find it. I know that a
> > non-authenticated connection will not relay, but I don't want spam
> > sent to my users either. So I'm trying to configure it so that it
> > only accepts what is absolutely necessary.
>
> I understand that you've got the answer you were searching for, but
> consider (instead? As well?) using the MSA protocol for your users.
>
> This uses port 587 instead of port 25, and is the "proper" (per RFCs)
> solution for the underlying issue. You then can simply block port 25
> for all but the trusted host (using iptables or equivalent), which has
> the virtue of making your mail server protected from cracking or DoS
> attacks...
I hadn't considered this. All in all, it may be a better solution.
Separate port, separate firewall settings, separate smtpaccess file.
I'll have to give it a shot. And, best of all, I can experiment with it
without breaking my current smtp daemon.

> Granted, this involves educating your users, which is sometimes
> considered an impossibility... But teaching them to add the "this host
> requires authentication when sending" option to their clients is
> required anyway, so why not add the "use port 587" option, too? (MSA
> is 'just' ESMTP with mandatory authentication).

My users aren't using this machine for outgoing email at the moment, so
I don't have to worry about re-educating everyone.

BTW, if MSA is ESMTP with mandatory authentication, why is the setting
"AUTH_REQUIRED=0" in the config by default? Doesn't that defeat the
purpose?

> [ This may be irrelevant to you, but MSA deserves to be better known,
> since it is A Good Thing! ]

Not irrelevant at all. If I can make it work, it's probably a better
solution than trying to do complicated stuff with the smtpaccess file.

Bowie

_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
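The port split discussed in this thread, as an added example that is not part of the original messages and is not Courier's own code: one function prints the iptables rules that limit port 25 to the filtering host while leaving 587 open, and a second checks that the MSA config really sets AUTH_REQUIRED=1. The function names, the 192.0.2.10 address and the config file path passed as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All names below are hypothetical.

# Print, rather than run, the iptables commands for the split described above,
# so the rule set can be reviewed before it is applied as root.
# $1 = IPv4 address of the trusted filtering host (assumed placeholder in the demo).
smtp_split_rules() {
    filter_host=$1
    # Refuse an empty value or anything containing characters other than
    # digits and dots, so nothing unexpected ends up in the generated commands.
    case $filter_host in
        ''|*[!0-9.]*)
            echo "usage: smtp_split_rules <filter-host-ipv4>" >&2
            return 2 ;;
    esac
    # Order matters: the ACCEPT for the filtering host must come before the
    # DROP, because -A appends and the first matching rule wins.
    cat <<EOF
iptables -A INPUT -p tcp --dport 25 -s $filter_host -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
EOF
}

# Succeed only if the last uncommented AUTH_REQUIRED= line in the given
# config file is exactly 1 (unquoted). Port 587 being open is only safe for
# the setup in the thread if the daemon behind it insists on authentication.
# $1 = path to the MSA daemon's config file (location is an assumption).
msa_auth_required() {
    value=$(sed -n 's/^[[:space:]]*AUTH_REQUIRED=//p' "$1" | tail -n 1)
    [ "$value" = "1" ]
}

# Demo with a constructed address from the documentation range (TEST-NET-1).
smtp_split_rules 192.0.2.10
```

Running `msa_auth_required` against the MSA config before opening 587 in the firewall catches the AUTH_REQUIRED=0 case raised in the thread.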
