Matt, I'm not sure if this will help you. As I understand you and other people go to use the alternative port 587 just because more and more ISP's are blocking outgoing SMTP-traffic on port 25.
I must say that in my region here I know only one ISP doing this and we've resolved the problem by implementing stunnel (www.stunnel.org) So we tell to people having a internet connection with blocked port 25 that they should switch the configuration in the mailclient to our server running stunnel and activate SSL for outgoing SMTP-connections. Now I don't know if this will help you because I can't understand exactly why do you need "SMTP-Auth only" on this port and not on the port 25 too. Not missunderstand me: I'm sure you know what you want to do. Just I can't follow at the moment. Markus > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matt > Sent: Friday, July 15, 2005 12:50 AM > To: [email protected] > Subject: [Declude.JunkMail] SmarterMail shortcomings in a > gateway environment > > Why does this always happen to me... > > I was looking to leave my IMail/Declude setup as my gateway > spam blocking component, and move hosted E-mail to a > different server. All I needed in the hosted mail server was > something that could be configured in such a way as to only > accept SMTP AUTH E-mail or E-mail that only came from my own > gateway. I figured that SmarterMail with port 587 support > (the SMTP submission port) would do the trick. > > Well, it turns out that despite earlier claims, SmarterMail > supports another SMTP port of your choosing, but it doesn't > limit it to SMTP AUTH-only. This means that the spammers > that have a habit of bypassing your MX records for indefinite > periods of time will be able to still hit the SmarterMail > server and bypass the scanning gateways. I found a post from > two days ago that pointed out this major shortcoming, and > despite an earlier thread on the topic, it turns out that > this is a real limitation. > > I started searching for alternative methods around this, such > as setting up a custom zone that blacklists the whole > Internet except for the IP space of my scanning servers and > using their internal spam blocking to delete anything that > didn't come from my own space or was AUTHed. I ran into > another problem here however...their blacklist capabilities > don't allow for unique result codes, so anything that returns > a result from a blacklist is treated as a positive hit. I > had to actually create a CNAME record for a bogus domain to > correspond to this space in order to work around that > limitation and it worked. I then however figured out that > they do not whitelist based on SMTP AUTH, but instead, they > whitelist anything with a local address, and if a user > doesn't have a local address in their headers but still > AUTH's, it won't be whitelisted. So due to this shortsighted > implementation on multiple fronts, there is no practical way > to accomplish this and have it be reliable. > > I also came across another thread while researching things > where some fellow Declude users were pointing out how their > gateway configuration affected blacklists. We all know here > that when gatewaying through a different server, you need > something that is the equivalent of IPBYPASS for the gateway. > They overlooked this, and after it was pointed out to them > they suggested that they instead test all hops, which would > have resulted in tagging many messages that are sent from > clients on DUL IP space. I'm not sure that by the end of the > thread that the concept stuck with them. > > It is a very pretty application, but it has a lot of settings > within it and a few of them don't seem very well thought out. > I E-mailed their tech support asking for ways around this or > an indication of plans to support AUTH-only on the SMTP > submission port and they ducked the questions saying that it > wasn't possible to do at this time and directed my ticket to > their sales staff so that I could get a refund. > Unfortunately they seem to need to create a functional > whitelisting mechanism for AUTHed users also for this to work > instead of one based on the Mail From address. I'm a little > put off by the short answers in response to such things, and > the rubber stamped reply that it will be added to their > suggestion database. Maybe I'm expecting too much... > > At this point, I'm looking for alternatives...including using > IMail on > the new server (I can do this with 8.20). I am also hopeful that > maybe some of the others around here have run into this issue > and possibly have some alternative suggestions. While I > don't want to support IMail any longer and feel that they > might again pull the rug out from under me, I can migrate > things in a snap and I won't have to worry about taking a > risk with SmarterMail. > > Matt > > -- > ===================================================== > MailPure custom filters for Declude JunkMail Pro. > http://www.mailpure.com/software/ > ===================================================== > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
