On 4/1/2013 10:44 PM, Mark Constable wrote: > On 04/02/13 09:17, Sam Varshavchik wrote: >>> I set up one small VPS as an alternate outgoing mail server for those >>> times when our main mailservers gets blacklisted and do not want it to >>> handle incoming mail or act as a 2nd MX. >> But how are you getting mail to your backup outgoing server? Probably >> by SMTP from your main servers, so you can't really shut down smtp. > > Main mailserver gets blocked, clients who have issues are advised to change > their outgoing mailserver setting to alternate server, they otherwise send > normally (ie, authenticated via ports 465/587) and this server relays these > messages to the rest of the world from a different source address.
If you set AUTH_REQUIRED in all of the esmtpd-* config files, then even if the port is available, no one will be able to send any mail through it without authenticating. > I just don't want any mail from the outside world coming back into this > server via port 25 and would rather not have port 25 even showing up in > a port scan so potential spammers don't even try. > > Ideally, on this server, I just want to expose ports 22 and 587 and that's > all. The port 587 authentication is done via a ssh tunnel back to the > main servers MySQL database so even port 3306 is not exposed (either end). I would block this with a firewall rule if you want to make sure the ports are not exposed to the outside. -- Bowie ------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
