Noel Jones put forth on 11/24/2009 3:37 PM: > OP can probably exploit the fact that end-user mail clients send to an A > record, MTAs send to an MX. > > Set smtp.example.com's A record to some IP that only accepts > authenticated mail, and point the MX to a different IP. > > ... and then plan a 6 month migration to using port 587.
Why bother? This is an ISP scenario, correct? The 587 command set is standard SMTP right? Just iptables (verb) TCP 25 to TCP 587 for any IP ranges within the ISP's MUA customer range. This is assuming said customers already have to submit auth over TCP 25 to relay mail. Simple solution. Done. Or, have I missed something? -- Stan
