Am 09.06.2014 03:45, schrieb Peter: > On 06/08/2014 03:53 AM, li...@rhsoft.net wrote: >> well, one could say: block them from submission port and don't allow >> SASL on 25, but that works only if you are a startup beginning from >> scratch, i condsidered that but it would take weeks and months to >> explain all customers that they have to fix their client configs >> and i see even new configured clients using 25 because the idiotic >> MUA's still default to 25 and burrie the port setting somewhere >> under "expert" or "extended" settings, so you can't do that if >> you have hundrets of customers with all sort of devices > > If that's the case then you can put submission on a separate IP address, > so that your users can continue to submit to port 25 (and indeed even to > the same hostname on port 25) without problem, and it that service will > not have to handle MX traffic. In addition to the postfix configuration > changes this only requires (1) a free IP address and (2) DNS change.
"so that your users can continue to submit to port 25" and how will that lead to "close port 25 completly"? my server has not to handle *any* MX traffic from outside, thats a different machine and without SASL nobody but a few internal servers submits any mail besides that you gain nothing why in the world should admins deal with all sort of workarounds because MUA developers are too stupid for sane defaults and insist in use 25? frankly *all* ISP's should start to block outgoing port 25 and the problem would go away at the same time as 90% of attempted spam delivery would disappear because all the infected zombies have no longer a way to send their crap without hacking the acount data and use real submission the difference ISP is blocking 25 or i do the same is simply that nobody calls the ISP but anybody blames his mail admin which can help in both cases but in one point to the ISP :-)
