Sorry, I was not clear in my description.
I am setting up iptables rules for the server that is the MTA. What I wanted to have was SMTP input packets routed only to the server, and SMTP output packets routed only from the server. I know how to do that, but as the server IP is dynamic, it would make life easier if there were no security issues, and I could ignore source/destination packet routing.

-------------------------------

1. Server talks to outside world using SMTP (or ESMTP) - so SMTP rules apply there.
2. Clients (or users) talk to server using POP3 or IMAP or whatever else.
3. Server outside (public) IP cannot change and so server's private IP should also be fixed. This is because you wouldn't want the DNS MX record to be dynamic or you'll have problems receiving mail from the outside world.
4. Server is able to communicate with POP3 clients unrestricted - with secure communication enabled.
5. Server is able to talk SMTP to any other MTA but is not an open relay (meaning that it can send and receive emails for its own domain only). Can use TLS but not all MTAs may support it.
6. Email spam is controlled by having email go through spam filter software (a kind of proxy to receive mail from the outside world) that filters spam, suspected virus emails etc. and then forwards to your MTA.
7. Routing to or from the SMTP server should work as such but plays no part in security.

Hope it helps.

--Naresh

_______________________________________________
Ilugd mailing list
Ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
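An added example, not part of the original thread: one way to write the MTA host's filter rules so that they match on interface and port instead of the server's address, so a changing IP does not require editing them. The interface names (`eth0` towards the Internet, `eth1` towards the clients), the POP3S/IMAPS ports 995/993 and the `mta_rules` function name are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host running an MTA.
# No rule uses -s/-d, so the ruleset is independent of the host's own address.
# Assumed arguments: $1 = Internet-facing interface, $2 = client-facing interface.
mta_rules() {
    wan=${1:-eth0}
    lan=${2:-eth1}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback and replies to connections that were already accepted
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SMTP from other MTAs to this host, and from this host to other MTAs
-A INPUT -i $wan -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $wan -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# DNS lookups (MX records) needed for outbound delivery
-A OUTPUT -o $wan -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $wan -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# Clients fetch mail over TLS-wrapped IMAP/POP3 on the client-facing side only
-A INPUT -i $lan -p tcp -m multiport --dports 993,995 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Running `mta_rules eth0 eth1 | iptables-restore --test` as root parses the ruleset without committing it. Relay restrictions (point 5) are set in the MTA's own configuration; these packet filter rules do not enforce them.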