I'd be very careful with this one, CJ.
You need to keep 25 open for incoming (inter-domain) mail. ;)
If QMT doesn't have the patch for the FORCE_TLS option, it'd be nice if
it did. This is something I'd also like to see on the submission
instance of qmail-smtp.
Can you round up that patch? If you can give it a try, that'd be great.
If not, please post here where to get it so someone (hopefully other
than Jake) can give it a shot to see if it clashes with any other
patches we're using.
--
-Eric 'shubes'
On 02/03/2011 12:42 PM, Cecil Yother, Jr. wrote:
You could block port 25 in your iptables
On 02/03/2011 11:20 AM, Jeremy Utley wrote:
Hello everyone!
We're using a toaster installation for our primary mail server at my
company, and over the last few weeks we've been working on configuring
everyone's mail clients to use SSL for sending& receiving e-mail.
Now that we have everyone converted over to use of SSL, we'd like to
stop all non-SSL access. For imap and pop3, it was quite simple, I
simply disabled the imap4 and pop3 run scripts in
/var/qmail/supervise. However, for SMTP, I haven't had much luck yet.
We'd like to force the submission port 587 to require TLS and
SMTP-Auth before a message is sent out., while leaving SMTP port 25
un-modified. I had read on another qmail site that you could do this
by use of a FORCE_TLS=1 variable in the run script, but that did not
work, so I suspect that this patch is not in the toaster packages (and
running strings against /var/qmail/bin/qmail-smtpd seems to bear that
out). Is there any way with the toaster to enforce TLS usage, and
reject any mail that's not TLS. We'd like to stick with TLS so we
don't have to reconfigure everyone's mail clients for SMTPS, which is
deprecated at any rate.
Thanks for any help you all can give!
Jeremy
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
