Hi, I have ASSP listening on port 26 as its secondary port, for my clients who need to send mail from a residential ISP that blocks port 26. Recently, though, I have been seeing users blocked on port 26 also, so I'm looking into the possibility of getting ASSP to listen on more ports. Is it possible and feasible to use IPTables to get another port, like 2525, to forward internally to port 25/26 that ASSP listens on? I would just change port 26 to something else, but I also have many users configured with it, and there are also a number behind odd firewalls that would block an odd port like 2525 also, so having both options would be nice.

Another possible "cure" is to use an SSL secure connection and use the SSL port (465). Currently, one has to use stunnel to approximate an SSL connection for ASSP. It is pretty hacky and also invalidates any IP checks as ASSP thinks the mail is coming from localhost, and the IPs in the mail header are not trusted anyways. Someone said once that it's what is holding ASSP back from being a real contender in areas where secure connections are necessary.

There were talks last week of getting ASSP to check the headers for IP tests. Would this solve the issue of IP tests being invalidated with stunnel? Are SSL libraries at a maturity level in Perl where it could be implemented in ASSP itself?

I remember reading that SSL support is "outside of ASSP's scope", but I have to disagree. If ASSP is a proxy for the MTA, it ought to support every connection that the MTA does, seeing as we can't/won't connect directly to the MTA anymore. One _could_ connect directly to the MTA on the new port it listens on, but then one loses the whitelisting and Bayesian training that happens when mail goes out through ASSP. If I understand correctly, if mail is sent out via an ISP's SMTP server, or otherwise bypasses ASSP, the mail isn't logged/whitelisted/trained against since it never touches ASSP, right?

If SSL is implemented, then ASSP would definitely need more ports to listen on: port 25, 26/2525 for an additional unencrypted port, then 465 for the secure connection.

I've been reading and studying for entirely too long today. I apologize if any of this is weird or just plain wrong.

David

_______________________________________________
Assp-user mailing list
https://lists.sourceforge.net/lists/listinfo/assp-user
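
Added example, not part of the original post: one way to do the port forward asked about above, as a kernel-level redirect from 2525 to 26. It assumes a Linux host running both iptables and ASSP; `redirect_spec`, `valid_port`, `add_redirect` and the `APPLY` variable are names made up for this sketch. Unlike the stunnel setup described in the post, `REDIRECT` rewrites only the destination, so ASSP still sees the client's real source address.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux with iptables and
# ASSP on the same host; 2525 and 26 are the ports named in the post.

# Print the rule specification that redirects TCP port $1 to local port $2.
redirect_spec() {
    printf '%s' "-p tcp --dport $1 -j REDIRECT --to-ports $2"
}

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dry run by default: print the command. With APPLY=1 (needs root) install the
# rule in nat/PREROUTING, which is the chain that sees remote clients.
add_redirect() {
    from=$1; to=$2
    valid_port "$from" && valid_port "$to" || { echo "bad port" >&2; return 2; }
    spec=$(redirect_spec "$from" "$to")
    if [ "${APPLY:-0}" = 1 ]; then
        # -C tests for an existing identical rule, so re-running the script
        # does not stack duplicates.
        iptables -t nat -C PREROUTING $spec 2>/dev/null ||
            iptables -t nat -A PREROUTING $spec
    else
        echo "iptables -t nat -A PREROUTING $spec"
    fi
}

add_redirect 2525 26
```

The filter table runs after the redirect, so an INPUT policy has to allow destination port 26, not 2525. Rules added this way do not survive a reboot unless saved with the distribution's own mechanism.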
