Erik Espinoza wrote:
> A BSD admin that can take qmailtoaster and make it run on BSD can
> implement a firewall policy using ipf.

Sure ;-D. But you're not taking into account admin laziness.

> ES, port 587 is all about SMTP-AUTH, meaning that tcprules shouldn't
> really matter as it's all done through auth. Port 25 doesn't require
> auth, therefore it would need independent control.
> What possible scenario would we need to control port 587 independently
> of port 25 and why?
> This seems like unnecessary complication, with no pay off at all.

You know, that is the reason I'd like to see those files separated.
Submission service and SMTP service in fact serve totally different
purposes. One is used for MUA->MTA message submission, the other is used
for MTA-to-MTA message transfer. I can hardly see why I should use the same
tcprules for totally different services?
In an ideal world I would enable things like SPF and simscan only on SMTP
service, and domainkeys or dkim signing only on SUBMISSION service. And
I would never-ever add IP ranges with RELAYCLIENT="" to the tcprules for
SUBMISSION service as it will look like nonsense there - I always want
my users to auth themselves to use SUBMISSION service.
That is why I use separate rulesets for SMTP and SUBMISSION.
--
Best regards,
Alexey Loukianov mailto:[EMAIL PROTECTED]
System Engineer,
IT Department,
Lavtech Corp.
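
A small lint for the policy argued in the message above, added here as an example and not part of the original post or of QmailToaster: it parses tcprules source and lists the allow rules that set RELAYCLIENT, which the author says should never appear in a submission ruleset. The function names and both sample rulesets are constructed, and IPv4-style addresses (no colon in the address field) are assumed.

```python
def parse_tcprules(text):
    """Parse tcprules source into (address, action, env) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        address, _, instr = line.partition(":")
        action, _, rest = instr.partition(",")
        env = {}
        while rest:
            name, _, tail = rest.partition("=")
            if not tail:
                raise ValueError(f"malformed assignment in rule: {raw!r}")
            quote = tail[0]  # tcprules lets any character delimit the value
            value, _, rest = tail[1:].partition(quote)
            env[name] = value
            rest = rest.lstrip(",")
        rules.append((address, action, env))
    return rules


def relay_without_auth(text):
    """Addresses of allow rules that set RELAYCLIENT (relay without auth)."""
    return [addr or "(default)"
            for addr, action, env in parse_tcprules(text)
            if action == "allow" and "RELAYCLIENT" in env]


# Constructed sample rulesets, not taken from the original message.
SMTP_RULES = """\
# port 25: MTA-to-MTA transfer, trusted ranges may relay
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
"""
SUBMISSION_RULES = """\
# port 587: MUA submission, every client is expected to authenticate
192.168.1.:allow,RELAYCLIENT=""
:allow
"""

if __name__ == "__main__":
    for label, rules in (("smtp", SMTP_RULES), ("submission", SUBMISSION_RULES)):
        print(label, "rules granting relay without auth:", relay_without_auth(rules))
```

Run against the submission ruleset, any non-empty result is a rule to remove; on the port 25 ruleset the same output is just an inventory of trusted ranges to review.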