On Wed, Nov 12, 2008 at 12:44 PM, mouss <[EMAIL PROTECTED]> wrote:

> Linux Addict wrote:
>
>> On Tue, Nov 11, 2008 at 4:53 PM, Charles Marcus
>> <[EMAIL PROTECTED]> wrote:
>>
>>> On 11/11/2008 4:49 PM, Charles Marcus wrote:
>>>
>>>>> Common administrative practices include submission on 587 for
>>>>> trusted clients only and should not be permitted on the internet.
>>>>> This port should be firewalled outside of your network.
>>>>
>>>> Excuse me?!?!? That's ridiculous... in fact, just the OPPOSITE is
>>>> true.
>>>
>>> Well... correction...
>>>
>>> Port 587 is designed to provide smtp_auth services to trusted clients
>>> VIA an UNtrusted network (like the internet)...
>>>
>>> So, no WAY should it be firewalled - just limit it to sasl_auth based
>>> sessions - and hopefully you enforce strong password policies too...
>>>
>>> --
>>>
>>> Best regards,
>>>
>>> Charles
>>
>> My reason for configuring domain keys is yahoo not filtering my mails as
>> spam.
>
> because you think once you sign your mail they will deliver it to Inbox?

:-) I know they may or may not. As an admin, we are trying our best.

>> I don't want to go back and change more than 1000 clients port from 25
>> to 587.
>
> if they come from specific networks, you can use a NAT implementation to
> redirect them to port 587. otherwise, see below.
>
>> So is there any way we can achieve domainkeys authentication on port 25?
>
> smtpd_client_restrictions =
>     check_client_access pcre:/etc/postfix/filter_outbound
>     permit_mynetworks
>     permit_sasl_authenticated
>     check_client_access pcre:/etc/postfix/filter_inbound
>
> == filter_outbound
> # pass to "outbound" filter
> /./     FILTER scan:[127.0.0.1]:10586
>
> == filter_inbound
> # pass to "inbound" filter
> /./     FILTER scan:[127.0.0.1]:10024
>
> if you wonder what that does:
> - if mail comes from mynetworks or is sasl authenticated, then it is passed
>   to port 10586
> - otherwise, it is passed to port 10024
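
Added example, not part of the original thread: a small Python model of how Postfix walks the smtpd_client_restrictions list quoted above, to show why the order of the four entries produces the 10586/10024 split. It assumes, per access(5), that a FILTER action does not end evaluation and that only the last FILTER fired takes effect; the function names, the sample mynetworks value and the client addresses are constructed for illustration.

```python
import ipaddress

# Restriction list from the thread, in order. Each pcre table holds a single
# /./ pattern, so its FILTER action fires for every client that reaches it.
RESTRICTIONS = [
    ("filter", "scan:[127.0.0.1]:10586"),   # filter_outbound
    ("permit_mynetworks", None),
    ("permit_sasl_authenticated", None),
    ("filter", "scan:[127.0.0.1]:10024"),   # filter_inbound
]

# Constructed sample value; a real server uses its own mynetworks setting.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]


def selected_filter(client_ip, sasl_authenticated, restrictions=RESTRICTIONS):
    """Return the content filter chosen for one SMTP client.

    Modelled behaviour (assumption taken from access(5)): FILTER records a
    destination and evaluation continues; a later FILTER replaces an earlier
    one; a matching permit_* entry stops the list.
    """
    addr = ipaddress.ip_address(client_ip)
    chosen = None
    for kind, dest in restrictions:
        if kind == "filter":
            chosen = dest
        elif kind == "permit_mynetworks":
            if any(addr in net for net in MYNETWORKS):
                break
        elif kind == "permit_sasl_authenticated":
            if sasl_authenticated:
                break
    return chosen


def port(dest):
    """Extract the TCP port from a 'scan:[host]:port' filter destination."""
    return int(dest.rsplit(":", 1)[1])


if __name__ == "__main__":
    cases = [("192.0.2.10", False), ("198.51.100.7", True), ("198.51.100.7", False)]
    for ip, sasl in cases:
        print(ip, "sasl" if sasl else "no-sasl", "->", selected_filter(ip, sasl))
    # Order matters: with the inbound table first, a trusted client stops at
    # the permit before the outbound FILTER fires and lands on 10024 instead.
    swapped = [RESTRICTIONS[3], RESTRICTIONS[1], RESTRICTIONS[2], RESTRICTIONS[0]]
    print("swapped, mynetworks client ->", selected_filter("192.0.2.10", False, swapped))
```

Any host inside mynetworks reaches the outbound filter on port 25 without authenticating, so the scope of mynetworks decides who is treated as an outbound sender.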