Bowie Bailey writes:
On 4/1/2013 10:44 PM, Mark Constable wrote: > On 04/02/13 09:17, Sam Varshavchik wrote: >>> I set up one small VPS as an alternate outgoing mail server for those >>> times when our main mailservers gets blacklisted and do not want it to >>> handle incoming mail or act as a 2nd MX. >> But how are you getting mail to your backup outgoing server? Probably >> by SMTP from your main servers, so you can't really shut down smtp. > > Main mailserver gets blocked, clients who have issues are advised to change > their outgoing mailserver setting to alternate server, they otherwise send > normally (ie, authenticated via ports 465/587) and this server relays these > messages to the rest of the world from a different source address.If you set AUTH_REQUIRED in all of the esmtpd-* config files, then even if the port is available, no one will be able to send any mail through it without authenticating.
For the purposes of this discussion, this won't be sufficient unless you'll also enforce mandatory encryption, with full certificate verification, in any one of several ways this can be done with Courier.
You don't want to do password-based authentication in the clear over the wide Internet.
But, CRAM-MD5 would actually be ok, in this instance, if you want to bother with the hassle of setting it up.
pgp4lSrFhuRdU.pgp
Description: PGP signature
------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
