This is unnecessary, and undesirable to attempt to change one's entire
user base over to port 587.
Virtually any modern router/firewall that is worth a dime will do port
redirection, and have no issues with keeping track of what goes where.
This is after all very much like standard NAT...you are just
readdressing packets and keeping track of communications.
The best method is to introduce a gateway under MX names that are
different from the SMTP/POP3/IMAP address. Then on the IMail box (using
9.1 in this example), you would simply configure port 587 to force AUTH,
but leave port 25 functional. The gateway can deliver straight to port
25, and you can redirect port 25 to 587 for things beyond that immediate
segment of your network, so IMail port 25 is never available to the
outside. This will also prevent all bypassing of one's gateways (some
spammers cache indefinitely), and it will not require any changes to the
setup on one's clients.
Just one note about IMail's AUTH restrictions when this is
configured...it will only allow AUTH and it will not honor one's relay
list as a way to get around that. This would be a nice thing to have
changed.
Matt
Len Conrad wrote:
The problem with SMTP AUTH-only on port 25 is that roamers often are
blocked by the access providers from accessing port 25.
Couldn't you configure your firewall to send both port 25 and 587 to
port 587 on the Imail server?
sure, but when you have a another box like IMGate doing the MX work,
you can block Internt access to IMail open port 25, and force all
roamers onto auth submission port 587.
or,
if your roamers are even able to get to port 25, then swap the open 25
to 587 and swap the auth 587 to 25. and block internet access to port
587, which will be reserved for trusted submission from the MX gateway.
Internet sending to port 25 will fail because AUTH is required.
I can't see any advantage is doubling all port 25 traffic also to port
587. In fact, how could that even work? I don't think it can. I start
as session with port 25 and get mixed answers back from both 25 and 587?
Len
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
