On 08/26/2011 04:15 PM, Gilbert T. Gutierrez, Jr. wrote:
I have whitelisted my customer IPs so they can now send via port 25 if
they desire. My support staff were starting to get frazelled by all the
calls they were receiving. I do not assign rPTR records for most of my
customers and with the default settings of spamdyke those emails are
rejected.
I think I get the picture now.
FWIW, I configure servers to use authentication when sending emails in
order to avoid that problem. Plus I think it's a little more secure.
The submission port though seems to be requiring TLS according to what
my support techs (I don't talk directly to any of my customers anymore)
are telling me, and you are correct that it does not go through spamdyke
when using port 587. I am going to test at home and see if I can send
unencrypted. I have some customers that still have versions of Outlook
that do not support TLS.
TTBOMK dovecot (imap4,pop3) can be configured to require TLS/SSL, but I
don't know of a way to do so with the submission port 587, which runs
qmail-smtpd. Perhaps there's some confusion between the two?
FWIW, smtps (smtp over ssl, port 465, deprecated) is not configured on
the stock toaster. There are directions on the wiki regarding how to set
this up if you desire.
Outlook'03 and previous can use SSL but not TLS, ttbomk. Cram-MD5 might
work in this case to keep passwords out of the clear, but I'm not sure
about that.
Gilbert
----- Original Message ----- From: "Eric Shubert" <[email protected]>
To: <[email protected]>
Sent: Friday, August 26, 2011 3:45 PM
Subject: [qmailtoaster] Re: TLS on 587
On 08/26/2011 12:08 PM, Gilbert T. Gutierrez, Jr. wrote:
Getting used to using spamdyke. I have never used it before and it seems
to be causing problems for some of my customers. I have had to IP
whitelist a couple IPs for people who have always relayed their alarms
through my server..
The issue I still have not solved is my server requiring TLS on port
587. My old server did not (It was optional before and I cannot find the
setting to make it optional again). require TLS on 587. I am sure as I
look through Spamdyke files I will find that option.
Gilbert
---------------------------------------------------------------------------------
Let me see if I can clarify a couple things.
Port 587 requires authentication, but TLS is not required for smtp
(although TLS is highly recommended).
Spamdyke operates on port 25, and is not connected to port 587 in any
way. Running spamdyke on port 587 would be pointless, as port 587
requires authentication, and spamdyke bypasses all filters on
authenticated connections (in case any client program were to submit
using port 25).
Whitelisting certain IPs for relaying operational emails is not
uncommon. It's better to configure the client software to send with
authentication (and TLS), although that's sometimes not practical.
With this in mind, would you like to try again? ;)
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
