Re: Don't filter the users\

2009-11-29 Thread mouss
Jordi Espasa Clofent a écrit : That is easy. Have your users connect to the submission port, and let everyone else connnect to the smtp port. Then, specify =o content_filter=whatever for the smtp port and not for the submission port. Yes Wietse, I've considered this simple and clean

Re: Don't filter the users

2009-11-25 Thread Jordi Espasa Clofent
You can tell the users that the submission port gets a better level of service than port 25, because they share that port with spammers. As you pointed out in your original email, they would be subject to less filtering, and therefore there would be less delay, less false positives, and so on.

Re: Don't filter the users\

2009-11-25 Thread Mikael Bak
Stan Hoeppner wrote: Why bother? This is an ISP scenario, correct? The 587 command set is standard SMTP right? Just iptables (verb) TCP 25 to TCP 587 for any IP ranges within the ISP's MUA customer range. This is assuming said customers already have to submit auth over TCP 25 to relay

Re: Don't filter the users\

2009-11-25 Thread Jan Kohnert
Mikael Bak schrieb: Submission on port 587 implies STARTTLS (I think). Well, only if you configure it that way. (OK, it *really* makes sense to encrypt transfer, if you do authentication...) But: jan...@kohni ~ $ telnet smtp.web.de 587 Trying 217.72.192.157... Connected to smtp.web.de. Escape

Don't filter the users

2009-11-24 Thread Jordi Espasa Clofent
Hi all, I've a Postfix working with Perl-based filter. All works fine, but I don't want filter the legitimate users (who are authenticated using SASL) when they want to do massive mailing using their e-mail client (ThunderBird, Outlook... and so on). I can do it easily hacking the actual

Re: Don't filter the users\

2009-11-24 Thread Wietse Venema
Jordi Espasa Clofent: Hi all, I've a Postfix working with Perl-based filter. All works fine, but I don't want filter the legitimate users (who are authenticated using SASL) when they want to do massive mailing using their e-mail client (ThunderBird, Outlook... and so on). That is easy.

Re: Don't filter the users\

2009-11-24 Thread Jordi Espasa Clofent
That is easy. Have your users connect to the submission port, and let everyone else connnect to the smtp port. Then, specify =o content_filter=whatever for the smtp port and not for the submission port. Yes Wietse, I've considered this simple and clean option, but we're a hosting company and

Re: Don't filter the users\

2009-11-24 Thread Sahil Tandon
On Nov 24, 2009, at 12:39 PM, Jordi Espasa Clofent jespa...@minibofh.org wrote: That is easy. Have your users connect to the submission port, and let everyone else connnect to the smtp port. Then, specify =o content_filter=whatever for the smtp port and not for the submission port. Yes

Re: Don't filter the users\

2009-11-24 Thread LuKreme
On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote: That is easy. Have your users connect to the submission port Yes Wietse, I've considered this simple and clean option, but we're a hosting company and the costumers are to lazy to understand and accept an approach like this. Force

Re: Don't filter the users\

2009-11-24 Thread Sahil Tandon
On Nov 24, 2009, at 3:07 PM, LuKreme krem...@kreme.com wrote: On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote: That is easy. Have your users connect to the submission port Yes Wietse, I've considered this simple and clean option, but we're a hosting company and the costumers are to

Re: Don't filter the users\

2009-11-24 Thread Michael Saldivar
On Tue, Nov 24, 2009 at 1:25 PM, Sahil Tandon sa...@tandon.net wrote: On Nov 24, 2009, at 3:07 PM, LuKreme krem...@kreme.com wrote: On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote: That is easy. Have your users connect to the submission port Yes Wietse, I've considered this simple

Re: Don't filter the users

2009-11-24 Thread Wietse Venema
Jordi Espasa Clofent: That is easy. Have your users connect to the submission port, and let everyone else connnect to the smtp port. Then, specify =o content_filter=whatever for the smtp port and not for the submission port. Yes Wietse, I've considered this simple and clean option,

Re: Don't filter the users\

2009-11-24 Thread Sahil Tandon
On Nov 24, 2009, at 3:48 PM, Michael Saldivar mike.saldi...@advocatecreditrepair.com wrote: On Tue, Nov 24, 2009 at 1:25 PM, Sahil Tandon sa...@tandon.net wrote: On Nov 24, 2009, at 3:07 PM, LuKreme krem...@kreme.com wrote: On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote: That is

Re: Don't filter the users\

2009-11-24 Thread Noel Jones
On 11/24/2009 3:06 PM, Sahil Tandon wrote: If only it were so. Think company that decides caters to thousands (insert a larger number of your liking here to avoid another sarcastic response that misses the point) of users on port 25 and can't one day just STOP accepting all mail on that port,

Re: Don't filter the users\

2009-11-24 Thread Stan Hoeppner
Noel Jones put forth on 11/24/2009 3:37 PM: OP can probably exploit the fact that end-user mail clients send to an A record, MTAs send to an MX. Set smtp.example.com's A record to some IP that only accepts authenticated mail, and point the MX to a different IP. ... and then plan a 6

Re: Don't filter the users\

2009-11-24 Thread Jerry
On Tue, 24 Nov 2009 13:48:02 -0700 Michael Saldivar mike.saldi...@advocatecreditrepair.com replied: On Tue, Nov 24, 2009 at 1:25 PM, Sahil Tandon sa...@tandon.net wrote: On Nov 24, 2009, at 3:07 PM, LuKreme krem...@kreme.com wrote: On 24-Nov-2009, at 10:39, Jordi Espasa Clofent wrote:

Re: Don't filter the users\

2009-11-24 Thread Jerry
On Tue, 24 Nov 2009 16:06:44 -0500 Sahil Tandon sa...@tandon.net replied: On Nov 24, 2009, at 3:48 PM, Michael Saldivar mike.saldi...@advocatecreditrepair.com wrote: On Tue, Nov 24, 2009 at 1:25 PM, Sahil Tandon sa...@tandon.net wrote: On Nov 24, 2009, at 3:07 PM, LuKreme

Re: Don't filter the users\

2009-11-24 Thread Sahil Tandon
On Tue, 24 Nov 2009, Jerry wrote: Sahil Tandon sa...@tandon.net replied: If only it were so. Think company that decides caters to thousands (insert a larger number of your liking here to avoid another sarcastic response that misses the point) of users on port 25 and can't one day just