Re: [IMail Forum] problem with using port 587 on Imail v8.2

[Darrell \([EMAIL PROTECTED])]

I think where John is leading you is that if the users who are sending outbound mail through your server are using port 587 than you do not need to allow relaying since that is inherently allowed via smtp auth.   While SMTP Auth is the best solution for most if not all situations like this.  If by some chance you needed to allow relaying settings (which only affects mail received on port 25) the best thing to do is to set only trusted ip addresses from your network.  But keep in mind this is not bullet proof either (virus, trojan, etc - on a client system could exploit this).   While your one step ahead of the game by allowing only postini servers to hit port 25 on your server via your firewall (thus your exposure is not that high) but it is always best to have multiple layers of security in the odd chance thats something happens.  For me its not uncommon to stumble on someone's edge router where a previous tech forgot to apply an ACL...  As they say stuff happens...   Darrell   ------------------------------------------------------------------------ Check out http://www.invariantsystems.com for utilities for Declude And Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. ----- Original Message ----- From: John T (Lists) To: Imail_Forum@list.ipswitch.com Sent: Monday, August 28, 2006 9:41 PM Subject: RE: [IMail Forum] problem with using port 587 on Imail v8.2 OK, now all I have to do is say I am so and so from your office and the guard lets me in.   Try again please.   John T eServices For You   "Seek, and ye shall find!"   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geza Levai Sent: Monday, August 28, 2006 6:24 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] problem with using port 587 on Imail v8.2   John, Thanks for your right on target "investigative" question, I got the point. I changed the relay options from "to anyone" to "Local users only" and added all of those user accounts ([EMAIL PROTECTED]) to the "accept.txt" file that will use this service from outside of the office. What do you think? Geza At 8/28/2006 05:54 PM Monday, you wrote: So if the gate surrounding your house is locked and the guard only lets in those on a list, you leave the front door unlocked and open?   John T eServices For You   "Seek, and ye shall find!"   -----Original Message----- From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED]] On Behalf Of Geza Levai Sent: Monday, August 28, 2006 5:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] problem with using port 587 on Imail v8.2   Hey guys, Thank you for your quick responses as well. Let me response to all 3 emails in one message here: about "relaying for anyone": The reason why I took the liberty to enable this switch was that the spam and email filtering is done by Postini for us. (Postini is our front end SMTP server for receiving messages from the outside world) and I have port 25 on the firewall limited to traffic only from the postini email servers. It is true, that port 587 is now capable of receiving  SMTP requests from anyone, but I figured, that spammers do not use that port for spamming or dictionary or DOS attacks. Since I have SMTP auth enabled on the email server I figured, that only those emails will get in, that were authenticated by username and password on port 587. What do you think? Geza To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/