Re: smtp auth + greylisting
You should not have to touch every end user workstation to make such a simple config change. Windows, Outlook, and Active Directory can be controlled via scripting. (Yes, I'm going out on a limb and guessing you're in the 90% of businesses that run all three for end users and their workstations.) OS X, Mail, and Entourage can also be remotely controlled and scripted. I'm not familiar with other mail clients to speak about their capabilities. Though, obviously, nix-based setups are typically scriptable. It has been a long time since I've had to directly support end users and their workstations, so you'll have to do your own homework on how to do this. I only know you can do it. Aside: Anytime you, as a sysadmin, consider touching every end user workstation something has gone very, very wrong. Either you need to bone-up on administration best practice or get/learn better tools or both. I hope this helps. -- Freedom, Truth, Love, Beauty. John Rodenbiker [EMAIL PROTECTED] On May 22, 2007, at 4:19 PM, Stephen Schaff wrote: That's a really good point. However we have about 200 users we'd have to get to switch their mail settings - 99% of don't know what mail settings are of course. Changing ports could prove very painful. I will definitely consider it though, given how painful email is without greylisting. Best Regards, Stephen On 22-May-07, at 3:10 PM, Bob Beck wrote: Trust me - bit the bullet and change to 587/465 anyway. we had to for road warriors because 25 is blocked in so many places anyway from walkups. You're better just getting your users to switch. * Chad M Stewart [EMAIL PROTECTED] [2007-05-22 12:46]: Since having users change their settings can be problematic in many environments, instead change the MX record. This way you can implement spamd right away and your users will not have to change anything. Though I would suggest moving the users to 587/465 in the future so that they don't get burned at places like hotels that redirect outbound port 25 traffic to a local SMTP proxy, that won't have a clue how to authenticate the user anyways. -Chad -- #!/usr/bin/perl if ((not 0 not 1) != (! 0 ! 1)) { print Larry and Tom must smoke some really primo stuff...\n; }
Re: smtp auth + greylisting
Stephen Schaff wrote: I just moved my super-fantastic spamd soekris in front of a new mail server that requires SMTP Auth to send mail... and it broke. No one can send mail from that server. My old server didn't require SMTP Auth and it worked fine. i have spamd setup at work and have users relay SASL authenticated SMTP through port 587 (submission) instead of port 25. if you have them relaying through port 25 they're bound to get tarpitted or have a tough time getting on the whitelist. I couldn't find anything in the docs or on the net that suggests that I need to make changes - but obviously I do. Can anyone point me in the right direction? Your help is much appreciated! Best Regards, Stephen
Re: smtp auth + greylisting
have your smtp-auth people use port 587/465[1]. That will also solve the problem of traveling users being blocked at public access points. [1] smtp+sasl or smtp wrapped in ssl, depending on the client. Don't forget to enable this in your MTA. On 2007 May 22 (Tue) at 10:22:19 -0600 (-0600), Stephen Schaff wrote: :I just moved my super-fantastic spamd soekris in front of a new mail :server that requires SMTP Auth to send mail... and it broke. No one :can send mail from that server. :My old server didn't require SMTP Auth and it worked fine. : :I couldn't find anything in the docs or on the net that suggests that :I need to make changes - but obviously I do. Can anyone point me in :the right direction? Your help is much appreciated! : : :Best Regards, :Stephen : -- We gave you an atomic bomb, what do you want, mermaids? -- I. I. Rabi to the Atomic Energy Commission
Re: smtp auth + greylisting
Since having users change their settings can be problematic in many environments, instead change the MX record. This way you can implement spamd right away and your users will not have to change anything. Though I would suggest moving the users to 587/465 in the future so that they don't get burned at places like hotels that redirect outbound port 25 traffic to a local SMTP proxy, that won't have a clue how to authenticate the user anyways. -Chad
Re: smtp auth + greylisting
Trust me - bit the bullet and change to 587/465 anyway. we had to for road warriors because 25 is blocked in so many places anyway from walkups. You're better just getting your users to switch. * Chad M Stewart [EMAIL PROTECTED] [2007-05-22 12:46]: Since having users change their settings can be problematic in many environments, instead change the MX record. This way you can implement spamd right away and your users will not have to change anything. Though I would suggest moving the users to 587/465 in the future so that they don't get burned at places like hotels that redirect outbound port 25 traffic to a local SMTP proxy, that won't have a clue how to authenticate the user anyways. -Chad -- #!/usr/bin/perl if ((not 0 not 1) != (! 0 ! 1)) { print Larry and Tom must smoke some really primo stuff...\n; }
Re: smtp auth + greylisting
That's a really good point. However we have about 200 users we'd have to get to switch their mail settings - 99% of don't know what mail settings are of course. Changing ports could prove very painful. I will definitely consider it though, given how painful email is without greylisting. Best Regards, Stephen On 22-May-07, at 3:10 PM, Bob Beck wrote: Trust me - bit the bullet and change to 587/465 anyway. we had to for road warriors because 25 is blocked in so many places anyway from walkups. You're better just getting your users to switch. * Chad M Stewart [EMAIL PROTECTED] [2007-05-22 12:46]: Since having users change their settings can be problematic in many environments, instead change the MX record. This way you can implement spamd right away and your users will not have to change anything. Though I would suggest moving the users to 587/465 in the future so that they don't get burned at places like hotels that redirect outbound port 25 traffic to a local SMTP proxy, that won't have a clue how to authenticate the user anyways. -Chad -- #!/usr/bin/perl if ((not 0 not 1) != (! 0 ! 1)) { print Larry and Tom must smoke some really primo stuff...\n; }
Re: smtp auth + greylisting
Write them step by step instructions, with screenshots for the client they use. Tell them they have 30 days (for example), remind them at 15 and the day before. I've done the above at several work sites (400ish and 50ish), and once management was on board, it was very simple. A tiny bit of work now, to solve many problems tomorrow. On 2007 May 22 (Tue) at 15:19:33 -0600 (-0600), Stephen Schaff wrote: :That's a really good point. However we have about 200 users we'd have :to get to switch their mail settings - 99% of don't know what mail :settings are of course. :Changing ports could prove very painful. I will definitely consider :it though, given how painful email is without greylisting. : : :Best Regards, :Stephen : :On 22-May-07, at 3:10 PM, Bob Beck wrote: : : : Trust me - bit the bullet and change to 587/465 anyway. :we had to for road warriors because 25 is blocked in so many :places anyway from walkups. You're better just getting your :users to switch. : : :* Chad M Stewart [EMAIL PROTECTED] [2007-05-22 12:46]: :Since having users change their settings can be problematic in many :environments, instead change the MX record. This way you can :implement spamd right away and your users will not have to change :anything. Though I would suggest moving the users to 587/465 in the :future so that they don't get burned at places like hotels that :redirect outbound port 25 traffic to a local SMTP proxy, that won't :have a clue how to authenticate the user anyways. : :-Chad : : :-- :#!/usr/bin/perl :if ((not 0 not 1) != (! 0 ! 1)) { : print Larry and Tom must smoke some really primo stuff...\n; :} : -- Kleptomaniac, n.: A rich thief. -- Ambrose Bierce, The Devil's Dictionary
Re: smtp auth + greylisting
Stephen Schaff wrote: That's a really good point. However we have about 200 users we'd have to get to switch their mail settings - 99% of don't know what mail settings are of course. Changing ports could prove very painful. I will definitely consider it though, given how painful email is without greylisting. Is all your users use the same client? If so, an easy capture of dialog box step by step put on a web site that users can see and do the same on their computers happen to be very efficient even for dummy users in remote area with many thousand users. Take a bit of time to do, but it hell save so much in the future that it's worth the two may be three hours it may take you, plus it's always good to point users back to that URL when they asked how to do it. (; Just an idea that save me countless hours in the pass!
Re: smtp auth + greylisting
arlo guthrie ... We walked in, sat down, Obie brought up the the help desk page with the twenty seven 800 x 600 colour glossy screenshots with circles and arrows and a paragraph below each one explaining what each one was to be used to show Windows users what to do. Luser came in and said My mail's broke, We all looked up, and Obie turned his monitor with the twenty seven 800x600 colour glossy screenshots, and the luser walked over with his laptop and sat down in front of Obie. Obie looked at the laptop and proceeded to talk to the luser for the better part of 30 minutes then looked at the luser, then looked at the twenty seven 800x600 colour glossy pictures, then looked at the luser and began to cry, 'cause Obie came to the realization that it was a typical case of American mouth breathing Windows luser, and there wasn't nothing he could do about it, and the luser wasn't going to look at the 27 800x600 colour glossy screenshots with the circles and arrows and a paragraph on the back of each one showing Windows users what to do. And we was reprimanded for having a system that was so darned difficult to use and so unhelpful, and told to litter the site with more flash.. But that's not what I came to tell you about... .. /arlo guthrie Sorry, couldn't resist... http://helpdesk.ualberta.ca/email :) -Bob * Peter Hessler [EMAIL PROTECTED] [2007-05-22 15:43]: Write them step by step instructions, with screenshots for the client they use. Tell them they have 30 days (for example), remind them at 15 and the day before. I've done the above at several work sites (400ish and 50ish), and once management was on board, it was very simple. A tiny bit of work now, to solve many problems tomorrow.
Re: smtp auth + greylisting
Ah, yes. That refers to normal instructions, usually by corporations that charge you obscene amounts of money to send you gibberish. But it is possible to write instructions that people can follow. And if you get mgmt to agree, you can require people read your instructions. Do this, or your email will stop working. No, I'm not kidding. :) It can be similar to pulling teeth to get them trained well, but then they can solve problems on their own, freeing you to solve the difficult and interesting problems, rather than spending all of your time configuring printers and email clients. Of course, this all depends on the quality of your documentation... On 2007 May 22 (Tue) at 16:08:10 -0600 (-0600), Bob Beck wrote: :arlo guthrie : :... : We walked in, sat down, Obie brought up the the help desk page with :the twenty seven 800 x 600 colour glossy screenshots with circles and :arrows and a paragraph below each one explaining what each one was to :be used to show Windows users what to do. Luser came in and said My :mail's broke, We all looked up, and Obie turned his monitor with the :twenty seven 800x600 colour glossy screenshots, and the luser walked :over with his laptop and sat down in front of Obie. Obie looked at the :laptop and proceeded to talk to the luser for the better part of 30 :minutes then looked at the luser, then looked at the twenty seven :800x600 colour glossy pictures, then looked at the luser and began to :cry, 'cause Obie came to the realization that it was a typical case of :American mouth breathing Windows luser, and there wasn't nothing he :could do about it, and the luser wasn't going to look at the 27 :800x600 colour glossy screenshots with the circles and arrows and a :paragraph on the back of each one showing Windows users what to do. :And we was reprimanded for having a system that was so darned :difficult to use and so unhelpful, and told to litter the site with :more flash.. : :But that's not what I came to tell you about... :.. : :/arlo guthrie : :Sorry, couldn't resist... http://helpdesk.ualberta.ca/email :) : : -Bob : : :* Peter Hessler [EMAIL PROTECTED] [2007-05-22 15:43]: : Write them step by step instructions, with screenshots for the client : they use. Tell them they have 30 days (for example), remind them at 15 : and the day before. : : I've done the above at several work sites (400ish and 50ish), and once : management was on board, it was very simple. A tiny bit of work now, to : solve many problems tomorrow. : : -- A reactionary is a man whose political opinions always manage to keep up with yesterday.
Re: smtp auth + greylisting
On Tue, 22 May 2007 16:08:10 -0600, Bob Beck wrote: arlo guthrie ... We walked in, sat down, Obie brought up the the help desk page with 8snip And you can get anything you want at Bob Beck's Restaurant, as long as it's moose! Loved it Bob! You are not just a good coder. Thanks, the day just got better, _Rod Depressed? Me? Don't make me laugh! :Spike Milligan:1918-2002: