Erik Espinoza wrote:
> ES, port 587 is all about SMTP-AUTH, meaning that tcprules shouldn't
> really matter as it's all done through auth. Port 25 doesn't require
> auth, therefore it would need independent control.

This sounds to me like a good argument *for* separating them. The processes
are inherently (naturally) different.

Saying that tcprules "shouldn't really matter" for submission isn't really
the case. It's true that there should essentially be no rules, but that's
different. If you need to put constraints on MTA sessions, as Stephen
needed to do (remember what started this thread?), they would be
inappropriate for MSA sessions (which would need to be wide open), which
causes a problem.

> What possible scenario would we need to control port 587 independently
> of port 25 and why?

Any time that an admin might need to control MTA traffic/access
independently of MSA. The MSA rules would be simple and static (practically
nonexistent, because SMTP-AUTH is handling everything, and would rarely
need to change), while most of the tailoring (allowing only MTA from a
limited set of servers, for instance) would exist in the MTA rules.

> This seems like unnecessary complication, with no pay off at all.

I guess what you see as complication I see as simplicity. The payoff is
being able to change MTA behavior without impacting the MSA. This is the
same reason that MSA was separated to begin with, was it not?

> Erik
> 
> On 1/31/07, Eric Shubes <[EMAIL PROTECTED]> wrote:
>> Problem: controlling/configuring smtp and submission independently is
>> difficult, if not impossible.
>>
>> Is there a reason why there *shouldn't* be separate tcprules files? I see
>> no advantage to having them share the same one.
>>
>> Erik Espinoza wrote:
>> > A BSD admin that can take qmailtoaster and make it run on BSD can
>> > implement a firewall policy using ipf.
>> >
>> > I don't think having two tcp.smtp's is going to help, it doesn't seem
>> > to solve any problems we are having.
>> >
>> >
>> > Erik
>> >
>> > On 1/31/07, Alexey Loukianov <[EMAIL PROTECTED]> wrote:
>> >> Greetings, Eric.
>> >>
>> >> January 31, 2007, 22:05:38 you wrote:
>> >>
>> >> > Alexey Loukianov wrote:
>> >> >> Greetings, Erik.
>> >> >>
>> >> >> January 31, 2007, 6:02:20 you wrote:
>> >> >>>> Separate tcprules file for submission port seems to me as a better
>> >> >>>> approach. It keeps administration of QT flexible and unified, and also
>> >> >>>> it is more cross-platforming way, as tcpserver works on any platform
>> >> >>>> qmail can run on, while iptables is available only on linux systems
>> >> >>>> based on kernels 2.4.x and later.
>> >> >>
>> >> >>> Who cares? We don't even support Debian. . . :)
>> >> >>
>> >> >> Me, for example ;-D. A friend of mine, also a system engineer,
>> >> >> administers small FreeBSD based cluster, and he uses QT in his setup.
>> >> >> According to his words, it wasn't too hard to build and install RPM
>> >> >> system on his BSD boxes, and then to correct specs so basic QT parts
>> >> >> builds up and install successfully.
>> >> >>
>> >> >> Well, in any case we can always create tcp.submission ourselves, just
>> >> >> like I do it for tcp.pop3 ;-D. But the laziness of sysadmin is the
>> >> >> thing that makes me want tcp.submission to be included in stock
>> >> >> toaster.
>> >> >>
>> >> > I agree with Alexey on this. Besides which, wouldn't it be nice to have QT
>> >> > on BSD as well? I wonder if Alexey's friend would care to contribute in this
>> >> > area.
>> >>
>> >> It is not so easy, as BSD way is not to use RPMS, while main toaster
>> >> advantage is its RPM nature. A friend of mine came to BSD world from
>> >> Red Hat based linux distros, that is why he uses RPM even on BSD - it
>> >> is just a matter of habit.
>> >>
>> >> Well, it is still possible to port QT on BSD and distribute it as a
>> >> bunch of tarballs if we will find some BSD geek who will want to
>> >> maintain it. But I don't think it is an urgent task for qt-dev team
>> >> ;-D.
>> >>
>> >> --
>> >> Best Regards,
>> >>  Alexey Loukianov                         mailto:[EMAIL PROTECTED]
>> >>
>> >> Software Development Department,
>> >> Lavtech Corp
>> >> http://mnogo.ru, http://lavtech.ru
>> >>


-- 
-Eric 'shubes'
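
Added example, not part of the original message or of the QmailToaster project: a simplified Python model of tcprules matching for IP-only rules (exact address, then shorter dotted prefixes, then the empty rule). It shows the point argued above: MTA restrictions placed in a shared rules file also reject submission clients at connect time, before SMTP-AUTH can happen, while a separate tcp.submission keeps port 587 open. The rule sets and addresses are constructed for illustration.

```python
# Added example: simplified model of tcprules lookup for IP-only rules.
# All addresses and rule sets below are constructed for illustration.

def parse_rules(text):
    """Parse 'address:allow|deny[,VAR="value"...]' lines into a dict."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, instructions = line.split(":", 1)
        rules[address] = instructions.split(",")[0]  # keep only allow/deny
    return rules

def decide(rules, ip):
    """Return 'allow' or 'deny' for ip: exact match first, then shorter
    dotted prefixes ("192.0.2.", "192.0.", "192."), then the empty rule."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for address in candidates:
        if address in rules:
            return rules[address]
    return None  # no rule matched; not exercised by the samples below

# One shared file: locking port 25 down to known relays also locks out 587.
SHARED = '''
127.:allow,RELAYCLIENT=""
192.0.2.10:allow
:deny
'''
# Separate files: the MTA restrictions live only in tcp.smtp.
TCP_SMTP = SHARED
TCP_SUBMISSION = '''
:allow
'''

PEER_MTA = "192.0.2.10"         # constructed: an approved upstream relay
ROAMING_USER = "198.51.100.77"  # constructed: a user who will SMTP-AUTH

def outcomes(smtp_rules, submission_rules):
    """Decisions for a peer MTA and a roaming user under the given files."""
    smtp, sub = parse_rules(smtp_rules), parse_rules(submission_rules)
    return {"mta_on_25": decide(smtp, PEER_MTA),
            "stranger_on_25": decide(smtp, ROAMING_USER),
            "user_on_587": decide(sub, ROAMING_USER)}

if __name__ == "__main__":
    print("shared  :", outcomes(SHARED, SHARED))
    print("separate:", outcomes(TCP_SMTP, TCP_SUBMISSION))
```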
