I read that is more simples block my clients with spamdyke using
filters domain 'from' and port 587 allow my clients.
Em 24-01-2012 09:19, Kalil Costa - Brasilsite escreveu:
I can't block port 25, if I do this I don't receive mail from
other mx mail and my clients are on the internet, anywhere in the
world.
Em 23-01-2012 19:57, Postmaster escreveu:
Kalz
Why not using iptables to block any outgoing SMTP connection?
iptables -A FORWARD -o eth0 -p tcp --dport 25 -j REJECT
Regards
Alex
On 20/01/2012 20:02, Kalil Costa - Brasilsite wrote:
Thks Dan,
I
understand completely, I think I'll work
with 465.
And how to lock my users for doesn't to
use port 25 ? I
want to receive only
external mails
in port 25 and my clients
to use port 465. Is it the correct way
?
thks again Dan.
Em 20-01-2012 15:41, Dan McAllister escreveu:
Kalil (aka: Kalz):
Port 587 ususlly does NOT force the use of SSL/TLS -- the
port is defined as a "submission" port and is most often
used as a "replacement" for SMTP in environments that
otherwise BLOCK port 25 access (like some ISPs do --
allowing port 25 ONLY to their own SMTP servers and/or
relays).
There is another port - 465 - that is another well-known
port defined as SMTPS whose specifications match what you
want: a port that only allows SSL/TLS connections.
OK, that part out of the way, here's how you add one or the
other (NOTE: I take some shortcuts here -- like using tar
pipes -- that some may object to... all I can say is that it
works!)
Step 1: Create the supervise folders to make qmail listen
on the additional ports
a) CD to the supervise folder
cd /var/qmail/supervise
b) copy the smtp directory tree into a new tree called
submission (for port 587) and then another called smtp-ssl
(for port 465)
for DIR in submission smtp-ssl ; do
mkdir $DIR
chown qmaill:qmail $DIR
chmod 1700 $DIR
tar cvf - -C smtp . | tar xvf - -C $DIR
done
c) Modify the run scripts in the new folders as
below
In the SUBMISSION folder:
BEFORE the exec line at the bottom, add (or modify
if they already exist) the lines:
export REQUIRE_AUTH=1
export SMTPS=0
ON the exec line at the bottom, change the 25
(should be right after a 0) to 587
Notes:
1) the exec line usually has continuation marks
(line ends with a \) -- this makes the last several ACTUAL
lines one VIRTUAL line (and improves readability)
2) your installation MAY use a variable (e.g.:
USEPORT) -- if so, look for the line above that ends in "=25"
and change that one!
In the SMTPS folder:
BEFORE the exec line at the bottom, add (or modify
if they already exist) the lines:
export REQUIRE_AUTH=1
export SMTPS=1
ON the exec line at the bottom, change the 25
(should be right after a 0) to 465
Notes:
1) the exec line usually has continuation marks
(line ends with a \) -- this makes the last several ACTUAL
lines one VIRTUAL line (and improves readability)
2) your installation MAY use a variable (e.g.:
USEPORT) -- if so, look for the line above that ends in "=25"
and change that one!
d) OPTIONALLY:
If you're UNLIKE like me and you trust users NOT to be
the SOURCE of SPAM, then you can remove any SPAMDYKE or
SPAMASSASSIN processing you may have configured for your
standard (open) SMTP port
I hope this helps!
Dan McAllister
IT4SOHO
On 1/20/2012 12:09 PM, Kalil Costa - Brasilsite wrote:
Guys,
How to configure my qmailtoaster to use port 587 SMTPS
Submission for my clients and port 25 for other
servers from internet ? Some like this....
--CLIENTS----- port smtp/587--------------------->
**************
* SERVER *
--OTHER INTERNET MAIL SERVERS --- port 25---> *
QMAILTOASTER *
* *
--CLIENTS ----- port 25 ----***BLOCKED***
***************
Thanks for help
Kalz
---------------------------------------------------------------------------------
Qmailtoaster
is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations. If you need professional help with your
setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news,
updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster
is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations. If you need professional help with your setup,
contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates,
and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster
is sponsored by Vickers Consulting Group
(www.vickersconsulting.com) Vickers Consulting Group offers
Qmailtoaster support and installations. If you need professional
help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages. To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
|
