Re: Don't filter the users\

Tue, 24 Nov 2009 13:08:09 -0800

On Nov 24, 2009, at 3:48 PM, Michael Saldivar <mike.saldi...@advocatecreditrepair.com > wrote:
On Tue, Nov 24, 2009 at 1:25 PM, Sahil Tandon <sa...@tandon.net> wrote: 
On Nov 24, 2009, at 3:07 PM, LuKreme <krem...@kreme.com> wrote:


On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote:

That is easy.
Have your users connect to the submission port
Yes Wietse, I've considered this simple and clean option, but we're a hosting company and the costumers are to lazy to understand and accept an approach like this.
Force them by making 587 the ONLY way to send mail. Tell them it's for security reasons and make sure you enforce it.
That's all fine and well for small sites, but hardly a solution for larger environments where such draconian measures are impractical. A more reasonable solution is for the OP to push users toward submission via 587, and in the (very long) meantime, find other ways to bifurcate SASL vs. non-SASL traffic on port 25.
Small sites like Google, where they force their customers to use specific ports for e-mail submission?
Small sites like Google? Sarcasm is adorable but rarely helps make your point. 


http://mail.google.com/support/bin/answer.py?answer=77689

What's good for the Google is good for the Gander, eh?
If only it were so. Think company that decides caters to thousands (insert a larger number of your liking here to avoid another sarcastic response that misses the point) of users on port 25 and can't one day just STOP accepting all mail on that port, no matter how useful and nicely worded the REJECT is that directs them to 587.
The OP has already stated he understands the merits of using the submission port but needs another solution given his REAL WORLD constraints.
Let me be clear: I'm totally on board with using a separate submission port for trusted users, but that is not always immediately feasible and the OP asked for alternatives on a technical mailing list. Hopefully he can convince users to eventually migrate, but the point is that he needs an interim solution to avoid filtering authenticated clients on port 25.

Reply via email to