"Imail should only accept mail from trusted IP addresses and authenticated users on port 25"
No checkbox necessary. If you have "relay for addresses" (as you stated you did) then you ALREADY REQUIRE authentication except for the IP addresses listed. RTFM. "Would it work if I change the alternate authentication port 587 to 25 in the registry?" For what purpose? SMTP AUTH ALREADY WORKS ON PORT 25!!! It always has. Port 587 is there specifically for those clients that can't connect on port 25 due to their ISP's blocking that port outbound. Here's the thing, in your original post, you described your setup as this: relay for addresses (good), port 587 enabled (good), but then you thought you needed control access, but you didn't. Just relay for addresses and port 587 will get you EXACTLY what you want. No one will be able to send any mail, no matter what port they use, unless they authenticate (port 25 OR port 587), or unless they are in your trusted IP range (port 25 only). Once again, please RTFM. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Jonas Fornander > Sent: Sunday, July 10, 2005 11:28 PM > To: [email protected] > Subject: RE: [IMail Forum] Need help with configuring anti-spam > > > It would but it doesn't change the fact (for me) that it's a > workaround. > > Why should we have to go through all this work to move every > single user to port 587 when all that is needed is a checkbox > in Imail that says "Enable strict authentication on port 25). > IOW, Imail should only accept mail from trusted IP addresses > and authenticated users on port > 25 when this checkbox is selected. How hard would it be for > Ipswitch to implement this? I bet you can whip this out in an > afternoon. You already have all the ingredience. In this > scenario we don't have to do a single change to any users and > no-one will be able to spew spam directly to Imail. There > would also be no need to SPF since those sender would neither > authenticate nor send from a trusted IP. > > Would it work if I change the alternate authentication port > 587 to 25 in the registry? What would happen? > > Jonas Fornander - System Administrator > Netwood Communications,LLC - www.netwood.net Find out why > we're better - 310-442-1530 > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > > Shanbrom > > Sent: Sunday, July 10, 2005 3:28 PM > > To: [email protected] > > Subject: Re: [IMail Forum] Need help with configuring anti-spam > > > > Since at this time there is only one ACL for the SMTP service this > is > > your problem.... my setup would be like this for this scenario: > > > > > > Router with IMGate in the DMZ > > IMail server on internal network > > IMail relays for internal network and requires auth on port 587 > > Outbound mail to gateway (IMGate machine) > > > > FW Rules: > > all external port 25 traffic to DMZ > > no external port 25 to internal > > Port 587 allowed to IMail > > Your users are given port 587 (set to require auth) for > their outgong > > mail > > > > I believe this will accomplish what you are wanting > > > > Eric S > > > > > > > > Jonas Fornander wrote: > > > > >I thought I understood how to configure Imail with port > 587 but now > > >I'm more confused than ever. I hope someone can un-confuse me. > > >This is our setup: > > > > > >Our MX records points to Imgate > > > > > >Our hosting, DSL and dialup users has mail.netwood.net as their > > >outgoing server which is Imail. This server is configured > to "Relay > > >for addresses" and our IP blocks are listed. > > > > > >Our Imail is running 8.20 and port 587 is enabled and > working. If I > > >change my own account to use port 587 it works if I enable "My > > >outgoing server requires authentication". > > > > > >So everything is working as it should, sooooo now what? > > > > > >I thought that I would be able to go to SMTP Security -> Control > > >Access and deny access for all IP addresses EXCEPT for our trusted > IP > > >blocks. Then users on non-trusted IP addresses would be able to > send > > >out mail using port 587 it they were authenticated. However if I > deny > > >access to a non-trusted IP in SMTP Security -> Control Access then > > >they can't send out mail on port 587 either, even if they > > >authenticate. :-( > > > > > >What am I missing? > > > > > >How can I make our users - on trusted IP addresses - > being able to > > >use mail.netwood.net to send out mail and our users - on > non-trusted > > >IP addresses - to send out mail on port 587 (with authentication) > and > > >ALL other mail, sent directly to the Imail server should be > rejected? > > > > > >Jonas Fornander - System Administrator Netwood > Communications,LLC - > > >www.netwood.net Find out why we're better - 310-442-1530 > > > > > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > -- > > No virus found in this incoming message. > > Checked by AVG Anti-Virus. > > Version: 7.0.323 / Virus Database: 267.8.11/45 - Release > > Date: 7/9/2005 > > > > > > -- > No virus found in this outgoing message. > Checked by AVG Anti-Virus. > Version: 7.0.323 / Virus Database: 267.8.11/45 - Release Date: > 7/9/2005 > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
