I can't block port 25, if I do this I don't receive mail from other
mx mail and my clients are on the internet, anywhere in the world.
Em 23-01-2012 19:57, Postmaster escreveu:
Kalz
Why not using iptables to block any outgoing SMTP connection?
iptables -A FORWARD -o eth0 -p tcp --dport 25 -j REJECT
Regards
Alex
On 20/01/2012 20:02, Kalil Costa - Brasilsite wrote:
Thks Dan,
I
understand completely, I think I'll work with
465.
And how to lock my users for doesn't to use
port 25 ? I want
to receive
only external
mails in port 25 and my clients to use port 465.
Is it the correct way ?
thks again Dan.
Em 20-01-2012 15:41, Dan McAllister escreveu:
Kalil (aka: Kalz):
Port 587 ususlly does NOT force the use of SSL/TLS -- the port
is defined as a "submission" port and is most often used as a
"replacement" for SMTP in environments that otherwise BLOCK
port 25 access (like some ISPs do -- allowing port 25 ONLY to
their own SMTP servers and/or relays).
There is another port - 465 - that is another well-known port
defined as SMTPS whose specifications match what you want: a
port that only allows SSL/TLS connections.
OK, that part out of the way, here's how you add one or the
other (NOTE: I take some shortcuts here -- like using tar
pipes -- that some may object to... all I can say is that it
works!)
Step 1: Create the supervise folders to make qmail listen on
the additional ports
a) CD to the supervise folder
cd /var/qmail/supervise
b) copy the smtp directory tree into a new tree called
submission (for port 587) and then another called smtp-ssl
(for port 465)
for DIR in submission smtp-ssl ; do
mkdir $DIR
chown qmaill:qmail $DIR
chmod 1700 $DIR
tar cvf - -C smtp . | tar xvf - -C $DIR
done
c) Modify the run scripts in the new folders as below
In the SUBMISSION folder:
BEFORE the exec line at the bottom, add (or modify if
they already exist) the lines:
export REQUIRE_AUTH=1
export SMTPS=0
ON the exec line at the bottom, change the 25
(should be right after a 0) to 587
Notes:
1) the exec line usually has continuation marks
(line ends with a \) -- this makes the last several ACTUAL
lines one VIRTUAL line (and improves readability)
2) your installation MAY use a variable (e.g.:
USEPORT) -- if so, look for the line above that ends in "=25"
and change that one!
In the SMTPS folder:
BEFORE the exec line at the bottom, add (or modify if
they already exist) the lines:
export REQUIRE_AUTH=1
export SMTPS=1
ON the exec line at the bottom, change the 25
(should be right after a 0) to 465
Notes:
1) the exec line usually has continuation marks
(line ends with a \) -- this makes the last several ACTUAL
lines one VIRTUAL line (and improves readability)
2) your installation MAY use a variable (e.g.:
USEPORT) -- if so, look for the line above that ends in "=25"
and change that one!
d) OPTIONALLY:
If you're UNLIKE like me and you trust users NOT to be
the SOURCE of SPAM, then you can remove any SPAMDYKE or
SPAMASSASSIN processing you may have configured for your
standard (open) SMTP port
I hope this helps!
Dan McAllister
IT4SOHO
On 1/20/2012 12:09 PM, Kalil Costa - Brasilsite wrote:
Guys,
How to configure my qmailtoaster to use port 587 SMTPS
Submission for my clients and port 25 for other servers
from internet ? Some like this....
--CLIENTS----- port smtp/587--------------------->
**************
* SERVER *
--OTHER INTERNET MAIL SERVERS --- port 25---> *
QMAILTOASTER *
* *
--CLIENTS ----- port 25 ----***BLOCKED***
***************
Thanks for help
Kalz
---------------------------------------------------------------------------------
Qmailtoaster
is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations. If you need professional help with your
setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates,
and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster
is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations. If you need professional help with your setup,
contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
|