Don''t need pop3 or imap Is there any other ports I need to manage? Well yes, there is DNS too in the mix. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Robert Moskowitz wrote:> Don''t need pop3 or imap > > Is there any other ports I need to manage? > > Well yes, there is DNS too in the mix.And possibly 465 (smtps) if you need to support encrypted mail other than via TLS. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Fri, Jan 04, 2008 at 10:23:50AM -0800, Tom Eastep wrote:> Robert Moskowitz wrote: > > Don''t need pop3 or imap > > > > Is there any other ports I need to manage? > > > > Well yes, there is DNS too in the mix. > > And possibly 465 (smtps) if you need to support encrypted mail other > than via TLS. >And port 587 (submission) for completeness. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Roberto C. Sánchez wrote:> On Fri, Jan 04, 2008 at 10:23:50AM -0800, Tom Eastep wrote: > >> Robert Moskowitz wrote: >> >>> Don''t need pop3 or imap >>> >>> Is there any other ports I need to manage? >>> >>> Well yes, there is DNS too in the mix. >>> >> And possibly 465 (smtps) if you need to support encrypted mail other >> than via TLS. >> >> > > And port 587 (submission) for completeness.And it seems that 113 (Ident) may also be needed, because once I opened 113 up, the mail was accepted by the remote MTA. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Robert Moskowitz wrote:> > And it seems that 113 (Ident) may also be needed, because once I opened > 113 up, the mail was accepted by the remote MTA. >The Shorewall default Actions for DROP policies will respond to connection requests on TCP port 113 with an RST which should satisfy any Auth client. So you must have inserted a DROP rule that was dropping TCP port 113. This is known to cause problems with other applications as well (most notably IRc). -tOM -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/