Dear David Lord - > I've still not worked out if you want mail coming in via postini to be allowed > to be relayed or if postini is just an external filter for scanning some of your > incoming mail. If the latter, I can't see why it should need to be treated different > to any other incoming email. However you've mentioned putting an entry for > postini in smtprelay.tab which would indicate that you intend it is allowed to > be relayed. I can't see how that can be done securely though without authentication.
Please understand that I support eMail for about over 300 Domains and about 450 eMailboxes so changing ports would be large task. Further, you are correct that the eMail from Postini plus outbound eMail from clients are Relay'd on Port 25. The problem is 1) the SPAMers are ignoring the MX records and using a private look-aside IP Address Database(s) which allows the SPAMers to bypass Postini by directly making a connection to the xMail Server on it's IP Address on Port 25; and 2) the SPAMers are constantly scanning IPs around the world for new or moved eMail servers; therfore they will eventually any "hidden" open Server within weeks -- I'm not just talking about an Issuse with SMTP -- this includes ALL of the protocols including the more common FTP, SQL, SMB, etc. Thefore, one has no choice but to lock the relay function to only accept eMails from the upstream relay MTA; in this case Postini IPs. This is easily doable on Many of the MTAs that I've come across in the past like Microsoft Exchange; and RFC 4409 already proposed this concept. Thanks, Hal Dell Managing Partner ePodWorks.net, Inc. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
