It would be very nice to be able to set port 25 to be SMTP Auth-Only also??? Can that currently be done? I am running IMail 8.22 but have all mail going thru a couple of other gateways before it hits the IMail box if they follow the MX records. Can I change port 25 to be Auth-Only except from a couple of IP's? Those ip's being the gateway servers...
Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications http://www.etczone.com 812-932-1000 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Sent: Wednesday, October 25, 2006 1:46 PM To: [email protected] Subject: RE: [IMail Forum] It is worth it to buy the SA? > So is that the solution for users of non-supported versions > of Imail, put a supported SMTP gateway/MTA, commercial or > open-source as long as it is kept current, in front and keep > using version 6, 7, or 8 without worries, or could a rogue > email still get through the gateway ... As far as I know a frontend gateway like Alligate has the functionality to check for malformed or invalid recipient addresses. So a bad message wouldn't reach Imail. But this brings up the question how do you have configured your users who connects to your Imail-server. Usualy they connect to the same port 25 of your SMTP-Server to send outgoing emails. If you have all your users on well defined IP-ranges you can block smtp-access for the rest of the world and you're pretty save. If all users does connect to another SMTP-server for their outgoing messages it will be tha same. But for example if you are an ISP with many connecting users from all around the world and this users does SMTP-Authentication on your Imail-SMTP-Service with their Imail-POP3-Login then you also must keep open the vulnerable SMTP-Port to the entire world. You can set up a third-party gateway on a different IP, who does accept and forward all your incoming messages to Imail. In this case you have to change all MX-Records in the DNS to the IP of the new gateway and after one or two weeks nearly all incomming connections would arrive on the gateway. Your Imail-service is not more "known" but you are still not save because anyone can still reach it if he knwos the IP. The IP of the vulnerable SMTP-Port for example would be part of every outgoing message leaving you Imail-server. If there would be a way to configure Imails SMTP-port to accept ONLY SMTP-Authenticated connections (beside the messages comming from your new gateway) this would be a solution for many of us even if it would still not prevent attacks from the own users. So it depends on how our enviroment is set up but I would say that a very large number of Imail-Admins can't simply make all necessary workarounds. Most of them for similar reasons why they can't simply switch to the current Imail 2006.x To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
