On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
> On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:
> > I would still also set up port 587 on the mail.example.com
> > IP as submission as well and try to encourage your users (at
> > least the ones you can) to use port 587 from now on.
>
> What I would do, on Linux with IPv4 only, is create the submission
> port and use an iptables redirect for the alternate IP address:
>
> # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
> mail.example.com -j REDIRECT --to-port submission
>
> This saves the overhead (system and administrative) of running
> another smtpd on [mail.example.com]:25; he can leave his "smtp ...
> smtpd" service alone in master.cf.

Or better yet: replace it with postscreen.

> I should also add as a reply to Stan in the other subthread: look
> above at the first quoted paragraph: "Outlook Expresses setup with
> ... default configuration."
>
> Yikes, bad news, very bad. If not doing content filtering nor
> policy limitation of submission now, he will be soon. And possibly
> losing his job in any case. Tomas is not in a good place right now.

To clarify, I meant that if those Outlook Expresses are not yet
compromised by malware, they will be, soon.
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
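
A check for the redirect rule quoted above, added here as an example and not part of the original message: it reads `iptables-save` output and reports whether the port 25 to 587 redirect exists and is limited to the alternate address, since the same rule without `-d` would also send MX traffic arriving on other addresses to the submission service. The address 192.0.2.25 stands in for mail.example.com, and the sample rule dumps are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). 192.0.2.25 is a placeholder for the
# mail.example.com address; both rule dumps below are constructed samples.

# classify_redirect ALT_IP < iptables-save output. Prints:
#   ok         25 -> 587 redirect present and limited to ALT_IP
#   too-broad  redirect has no -d match, a negated one, or another address
#   missing    no such rule in the nat PREROUTING chain
classify_redirect() {
    awk -v ip="$1" '
        /^\*/ { table = substr($0, 2) }    # table header: "*nat", "*filter"
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            dst = ""; dport = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-d") dst = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-ports") to = $(i + 1)
            }
            # iptables-save prints ports numerically (smtp=25, submission=587)
            if (dport != "25" || target != "REDIRECT" || to != "587") next
            if (dst == ip || dst == (ip "/32")) scoped = 1; else broad = 1
        }
        END { print (broad ? "too-broad" : (scoped ? "ok" : "missing")) }
    '
}

sample_scoped() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.25/32 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 587
COMMIT
EOF
}

sample_broad() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 587
COMMIT
EOF
}

sample_scoped | classify_redirect 192.0.2.25   # scoped rule
sample_broad  | classify_redirect 192.0.2.25   # rule missing -d
# On a live host: iptables-save -t nat | classify_redirect <alternate IP>
```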