On Fri, Oct 05, 2007 at 08:45:51AM +1000, Paul Gear wrote:
>
> My understanding of SMTP submission was that 587 was intended to be open
> normally only on the loopback interface (i.e. it's used for submitting
> mail from the local machine).
>

I don't think that is right. The relevant RFC [0] never mentions loopback or that it is only meant for submitting from the local machine.

> DNATing from port 25 outgoing to port 26 on a specific server seems like
> a reasonable thing to do (although possibly less secure than using a
> local mail relay and pushing SMTP traffic through a VPN link).
>
> Jérôme, if you decide to do it this way, DNAT is what you will need,
> since REDIRECT only redirects to ports on the firewall itself.
>

Regards,

-Roberto

[0] http://www.faqs.org/rfcs/rfc2476.html

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
