Pkg exim4 users - Jul 2006 - Multiple ports and enforcing authentication on just the non-standard one.

Flushed with success on getting the additional router working precisely 
the way I wanted it - thanks to a couple of people''s help here - what 
I''m looking to do next is get our MTA listening on a non-standard port 
as well as port 25.

Well, I know how to do that bit.

I do need to go and read up the README.Debian file on authentication - I 
know that gets a bit difficult.  What I need to know is whether the 
relevant chapter in there will tell me how to enforce authentication on 
the non-standard port - whilst not enforcing it on the standard SMTP port.

Why do I want to do this?  Well, two of our senior management are on 
Wanadoo UK who capture all port 25 traffic and force it through their 
server - so no matter what the management put in their SMTP settings 
(assuming standard port 25) it doesn''t go through the server they 
specify, but through Wanadoo''s server.

Secondly, it seems the Wanadoo UK servers have got themselves onto 
Sorbs'' DNSBL blacklist - which upsets at least two separate anti-spam 
systems - including ours - I''ve had to add a couple of rules to get 
around that.

Be nice if I could offer them a solution whereby they could relay via us 
- but I don''t want the whole of Wanadoo able to do that - hence the
need
for authentication on the non-standard port, but leave it turned off on 
port 25.

Any additional clues over what README.Debian will tell me gratefully 
accepted.

TIA

Regards
Neil


------------------------------------------------------------------------------------
Scanned for viruses, spam and offensive content by CensorNet MailSafe

Professional Web & E-mail Filtering from www.censornet.com

On 2006-07-16 Neil Briscoe <neil.briscoe@adelix.com>
wrote:
> Flushed with success on getting the additional router working precisely 
> the way I wanted it - thanks to a couple of people''s help here -
what
> I''m looking to do next is get our MTA listening on a non-standard
port
> as well as port 25.
Set
daemon_smtp_ports = 25:587
> Well, I know how to do that bit.
> I do need to go and read up the README.Debian file on authentication - I 
> know that gets a bit difficult.  What I need to know is whether the 
> relevant chapter in there will tell me how to enforce authentication on 
> the non-standard port - whilst not enforcing it on the standard SMTP port.
> Why do I want to do this?  Well, two of our senior management are on 
> Wanadoo UK who capture all port 25 traffic and force it through their 
> server - so no matter what the management put in their SMTP settings 
> (assuming standard port 25) it doesn''t go through the server they 
> specify, but through Wanadoo''s server.
> Secondly, it seems the Wanadoo UK servers have got themselves onto 
> Sorbs'' DNSBL blacklist - which upsets at least two separate
anti-spam
> systems - including ours - I''ve had to add a couple of rules to
get
> around that.
> Be nice if I could offer them a solution whereby they could relay via us 
> - but I don''t want the whole of Wanadoo able to do that - hence
the need
> for authentication on the non-standard port, but leave it turned off on 
> port 25.
I actually do not get why you want to explicitely disable SMTP AUTH on
port 25. This
auth_advertise_hosts = ${if eq{$interface_port}{587}{*}{}}
would probably do the trick.

cu andreas
-- 
The ''Galactic Cleaning'' policy undertaken by Emperor Zhark is
a personal
vision of the emperor''s, and its inclusion in this work does not
constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde

Hi Andreas
> Set
> daemon_smtp_ports = 25:587
Not the method I''d read - interesting - might try that one instead - it
looks neater.

[snip]
> I actually do not get why you want to explicitely disable SMTP AUTH on
> port 25. This
> auth_advertise_hosts = ${if eq{$interface_port}{587}{*}{}}
> would probably do the trick.
> 
Perhaps a little more background will assist.  I work for a small 
company - but we''re very dispersed - using technology to its fullest to
keep in touch.  I might converse in email, over MSN, Skype, and POTS 
with my colleagues during any particular working day.

The server which I''m configuring is based somewhere in a data centre in
London.  I''m near Bristol.

The main office is only 3 miles away, but its overcrowded already, so I 
get to work from home.  The two Senior managers who I mentioned work 
about 20 and 150 miles away.

Most of the people around here have fixed IP addresses, either singular, 
or a small block (say a /29) so its easy to allow them to relay by 
putting them in the permitted relay hosts.

Wanadoo, however, don''t give out fixed IP addresses, and thats why I 
only want to put authentication on the additional port and not on port 25.

Thanks for your feedback - I''ll go read README.Debian now. ;-))

Regards
Neil

------------------------------------------------------------------------------------
Scanned for viruses, spam and offensive content by CensorNet MailSafe

Professional Web & E-mail Filtering from www.censornet.com

On Sun, Jul 16, 2006 at 04:18:00PM +0100, Neil Briscoe
wrote:
> Wanadoo, however, don''t give out fixed IP addresses, and thats why
I
> only want to put authentication on the additional port and not on port 25.
"My users don''t have static IPs" doesn''t really lead
on to "I don''t
want AUTH on port 25" in my mind.  On the other hand the fact that
some domestic broadband IPs transparently proxy outgoing port 25
connections to their own mail servers would do it for me.

Cheers,
Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20060716/797f07ce/attachment.pgp