Port 25 will work, so long a no one is on an ISP that blocks port 25 - comcast, yahoo, sbcglobal.net - they, and many other now block port 25 to prevent spamming.
Port 587, will not only allow authorization, but will ALSO allow people who are attempting to connect their desktops, laptops and PDA via ISPs that block port 25 to both connect, authorize (by default) and sent messages. The box to require strict authentication is already supported within Imail - it doesn't have to be done because it's there. All you have to do is USE it. Incidently, this has been covered in more than 450 messages pertaining directly to this subject in the archives. Bruce Barnes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jonas Fornander Sent: Sunday, July 10, 2005 22:28 To: [email protected] Subject: (SPF-None) RE: [IMail Forum] Need help with configuring anti-spam It would but it doesn't change the fact (for me) that it's a workaround. Why should we have to go through all this work to move every single user to port 587 when all that is needed is a checkbox in Imail that says "Enable strict authentication on port 25). IOW, Imail should only accept mail from trusted IP addresses and authenticated users on port 25 when this checkbox is selected. How hard would it be for Ipswitch to implement this? I bet you can whip this out in an afternoon. You already have all the ingredience. In this scenario we don't have to do a single change to any users and no-one will be able to spew spam directly to Imail. There would also be no need to SPF since those sender would neither authenticate nor send from a trusted IP. Would it work if I change the alternate authentication port 587 to 25 in the registry? What would happen? Jonas Fornander - System Administrator Netwood Communications,LLC - www.netwood.net Find out why we're better - 310-442-1530 > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Eric Shanbrom > Sent: Sunday, July 10, 2005 3:28 PM > To: [email protected] > Subject: Re: [IMail Forum] Need help with configuring anti-spam > > Since at this time there is only one ACL for the SMTP service this is > your problem.... my setup would be like this for this scenario: > > > Router with IMGate in the DMZ > IMail server on internal network > IMail relays for internal network and requires auth on port 587 > Outbound mail to gateway (IMGate machine) > > FW Rules: > all external port 25 traffic to DMZ > no external port 25 to internal > Port 587 allowed to IMail > Your users are given port 587 (set to require auth) for their > outgong mail > > I believe this will accomplish what you are wanting > > Eric S > > > > Jonas Fornander wrote: > > >I thought I understood how to configure Imail with port 587 but now > >I'm more confused than ever. I hope someone can un-confuse me. > >This is our setup: > > > >Our MX records points to Imgate > > > >Our hosting, DSL and dialup users has mail.netwood.net as their > >outgoing server which is Imail. This server is configured to "Relay > >for addresses" and our IP blocks are listed. > > > >Our Imail is running 8.20 and port 587 is enabled and working. If I > >change my own account to use port 587 it works if I enable "My > >outgoing server requires authentication". > > > >So everything is working as it should, sooooo now what? > > > >I thought that I would be able to go to SMTP Security -> Control > >Access and deny access for all IP addresses EXCEPT for our trusted IP > >blocks. Then users on non-trusted IP addresses would be able to send > >out mail using port 587 it they were authenticated. However if I deny > >access to a non-trusted IP in SMTP Security -> Control Access then > >they can't send out mail on port 587 either, even if they > >authenticate. :-( > > > >What am I missing? > > > >How can I make our users - on trusted IP addresses - being able to > >use mail.netwood.net to send out mail and our users - on non-trusted > >IP addresses - to send out mail on port 587 (with authentication) and > >ALL other mail, sent directly to the Imail server should be rejected? > > > >Jonas Fornander - System Administrator > >Netwood Communications,LLC - www.netwood.net > >Find out why we're better - 310-442-1530 > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > -- > No virus found in this incoming message. > Checked by AVG Anti-Virus. > Version: 7.0.323 / Virus Database: 267.8.11/45 - Release > Date: 7/9/2005 > > -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.11/45 - Release Date: 7/9/2005 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
