I agree, but I think port 465 is obsolete these days, and 587 is the one to use.
(Could be wrong, but that's what I picked up on the Postfix mailing list recently).

James.

On 22/09/2007, at 6:13 PM, David wrote:

> Hi,
>
> I have ASSP listening on port 26 as its secondary port, for my clients
> who need to send mail from a residential ISP that blocks port 26.
> Recently, though, I have been seeing users blocked on port 26 also, so
> I'm looking into the possibility of getting ASSP to listen on more
> ports. Is it possible and feasible to use IPTables to get another port,
> like 2525, to forward internally to port 25/26 that ASSP listens on? I
> would just change port 26 to something else, but I also have many users
> configured with it, and there are also a number behind odd firewalls
> that would block an odd port like 2525 also, so having both options
> would be nice.
>
> Another possible "cure" is to use an SSL secure connection and use
> the SSL port (465). Currently, one has to use stunnel to approximate an
> SSL connection for ASSP. It is pretty hacky and also invalidates any IP
> checks as ASSP thinks the mail is coming from localhost, and the IPs in
> the mail header are not trusted anyways. Someone said once that it's
> what is holding ASSP back from being a real contender in areas where
> secure connections are necessary. There were talks last week of getting
> ASSP to check the headers for IP tests. Would this solve the issue of IP
> tests being invalidated with stunnel? Are SSL libraries at a maturity
> level in Perl where it could be implemented in ASSP itself?
>
> I remember reading that SSL support is "outside of ASSP's scope", but I
> have to disagree. If ASSP is a proxy for the MTA, it ought to support
> every connection that the MTA does, seeing as we can't/won't connect
> directly to the MTA anymore. One _could_ connect directly to the MTA on
> the new port it listens on, but then one loses the whitelisting and
> Bayesian training that happens when mail goes out through ASSP. If I
> understand correctly, if mail is sent out via an ISP's SMTP server, or
> otherwise bypasses ASSP, the mail isn't logged/whitelisted/trained
> against since it never touches ASSP, right?
>
> If SSL is implemented, then ASSP would definitely need more ports to
> listen on: port 25, 26/2525 for an additional unencrypted port, then 465
> for the secure connection. I've been reading and studying for entirely
> too long today. I apologize if any of this is weird or just plain
> wrong.
>
> David

_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user